Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA
Networking equipment maker Cisco has released security updates to address three high-severity vulnerabilities in its products that could be exploited to cause a denial-of-service (DoS) condition and take control of affected systems.
The first of the three flaws, CVE-2022-20783 (CVSS score: 7.5), affects Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software, and stems from a lack of proper input validation, allowing an unauthenticated, remote attacker to send specially crafted traffic to the devices.
“A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device,” the company said.
Also addressed by Cisco are 10 medium-severity bugs spanning its product portfolio, including Webex Meeting, Unified Communications Products, Umbrella Secure Web Gateway, and IOS XR Software.
Read the full article here – https://thehackernews.com/2022/04/cisco-releases-security-patches-for.html