You are currently viewing Cisco Patched High Severity Bugs in Networking and Communications Products

Cisco Patched High Severity Bugs in Networking and Communications Products

Flaws found in Cisco

Various flaws in the API and web-based management interface of Cisco TelePresence Video Communication Server (VCS) Software and Cisco Expressway Series Software can permit remote actors to dodge certificate authentication or execute cross-site request forgery attacks on targeted devices.

About the first bug

The first bug, tracked as CVE-2022-20814, is an improper certification validation problem, a remote, unauthorized actor can activate it to access critical information via a man-in-the-middle attack.

A bug in the certificate validation of Cisco TelePresence VCS and Cisco Expressway-C could permit a malicious, remote actor to have unauthenticated access to sensitive information.

The flaw is due to no validation of the SSL server certificate for an impacted device while it builds a connection to a Cisco Unified Communications Manager device.

The Cisco advisory says: “An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.”

About the second bug

The second vulnerability, tracked CVE-2022-20853 is cross-site request forgery (CSRF) that can be compromised to launch a denial of service (DoS) state by luring the victim to open a specially crafted link.

The Cisco PSIRT did not say anything about attacks in the wild exploiting these bugs or any public announcements.

Read the full article here

News Room

Cybervizer is a blog and podcast site that focuses on the latest technology and cybersecurity topics that are impacting enterprises, both small and large. Join us to explore the most important trends in enterprise technology and cybersecurity today. Get true insights into the tech and trends that will impact you and your organization.