Network solutions provider Cisco has released updates to address high-severity security vulnerabilities that could allow threat actors to take control of affected systems and carry out denial-of-service (DoS) attacks.
The details of these security vulnerabilities are as follows:
- The vulnerability tracked as CVE-2022-20783, caused by a lack of authentication, affects Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software.
- The vulnerability tracked as CVE-2022-20773, found in Cisco Umbrella Virtual Appliance (VA), relates to a static SSH host key that could allow threat actors to perform Man-In-The-Middle (MitM) attacks.
- The vulnerability tracked as CVE-2022-20732 could allow threat actors to view and modify database content to elevate their privileges on the affected device.
Cisco has also fixed many medium-severity vulnerabilities affecting other products in its product line, including Webex Meeting, Unified Communications Products, Umbrella Secure Web Gateway, and IOS XR Software. It is recommended to upgrade vulnerable versions to the published updates immediately, so that these vulnerabilities cannot be used to attack the affected systems.
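For the static SSH host key issue (CVE-2022-20773), a defender can check whether several appliances present the same host key. The following is an added example, not code from Cisco or from the original article; it assumes input in the `ssh-keyscan` output format (`host keytype base64-key`), and the host names and key blobs are constructed sample data.

```python
import base64
import hashlib
from collections import defaultdict


def _blob(seed: bytes) -> str:
    """Build a constructed (fake) ssh-ed25519 public key blob for the sample."""
    header = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20"
    return base64.b64encode(header + hashlib.sha256(seed).digest()).decode()


# Constructed sample in ssh-keyscan output format; hosts and keys are made up.
SAMPLE_SCAN = "\n".join([
    "# constructed ssh-keyscan output",
    f"va-01.example.net ssh-ed25519 {_blob(b'shared')}",
    f"va-02.example.net ssh-ed25519 {_blob(b'shared')}",
    f"va-03.example.net ssh-ed25519 {_blob(b'unique')}",
    "va-04.example.net ssh-ed25519 not*base64",
])


def fingerprint(b64_blob: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a public key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_text: str):
    """Group hosts by host key; return keys seen on more than one host."""
    by_key = defaultdict(set)
    skipped = []  # line numbers that could not be parsed
    for number, line in enumerate(scan_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            host, keytype, blob = line.split()[:3]
            by_key[(keytype, fingerprint(blob))].add(host)
        except ValueError:  # too few fields or invalid base64
            skipped.append(number)
    shared = {k: sorted(h) for k, h in by_key.items() if len(h) > 1}
    return shared, skipped


if __name__ == "__main__":
    shared, skipped = shared_host_keys(SAMPLE_SCAN)
    for (keytype, fp), hosts in shared.items():
        print(f"{keytype} {fp} is presented by: {', '.join(hosts)}")
    print("unparsed lines:", skipped)
```

Any fingerprint reported for more than one appliance means those hosts cannot be told apart by host key, so a client's host key check gives no assurance about which of them it has reached.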