Cisco Patches Virtual Conference Software Vulnerability Reported by NSA
Cisco on Wednesday announced the release of patches for several high-severity vulnerabilities in its products, including a bug reported by the National Security Agency (NSA).
Tracked as CVE-2022-20783 (CVSS score of 7.5), the NSA-reported flaw is a denial of service (DoS) issue in TelePresence Collaboration Endpoint (CE) and RoomOS software, which could be exploited remotely, without authentication.
Insufficient input validation, Cisco explains, allows an attacker to send crafted H.323 traffic to a vulnerable device and cause it to reboot, either normally or in maintenance mode, thus creating a DoS condition.
Cisco patched the security hole with TelePresence CE releases 126.96.36.199 and 10.11.2.2 and with the RoomOS January 2022 release.
Another high-severity vulnerability that Cisco addressed this week is CVE-2022-20732 (CVSS score of 7.8), which is described as an elevation of privilege issue in the company’s Virtualized Infrastructure Manager (VIM) product.
Improper access permissions in VIM allow an authenticated, local attacker to access specific configuration files they should not have access to. The attacker could then obtain internal database credentials and use them to view and modify database contents.
“The attacker could use this access to the database to elevate privileges on the affected device,” Cisco says.
The vulnerability was resolved with the release of Virtualized Infrastructure Manager Software version 4.2.2. If updating to a patched release is not possible, users should connect to the device’s CLI as root and secure permissions to the affected files, the tech giant notes in its advisory.
This week, Cisco also removed a static SSH host key in Umbrella virtual appliance (VA) release 3.3.2, which could be abused by an unauthenticated, remote attacker to impersonate a VA.
“An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA,” Cisco says.
Cisco also fixed roughly ten medium-severity vulnerabilities this week, including cross-site scripting (XSS), arbitrary file read, file decryption bypass, DoS, SQL injection, and cross-site request forgery (CSRF) bugs.
Related: CISA Says Recent Cisco Router Vulnerabilities Exploited in Attacks
Related: NSA Informs Cisco of Vulnerability Exposing Nexus Switches to DoS Attacks
Related: Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products