Critical Fixes Released for Cisco Expressway Series, TelePresence VCS Products
Cisco this week released patches to resolve a new set of critical security vulnerabilities affecting the Expressway series and the Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code.
Both faults – tracked as CVE-2022-20754 and CVE-2022-20755 (CVSS Scores: 9.0) – concerns an arbitrary file write and command injection flaw in the API and web management interfaces of both products that could have serious repercussions on affected systems.
The company said both issues stem from insufficient input validation of user-supplied command arguments, a weakness that could be weaponized by an authenticated remote attacker to conduct directory traversal attacks, overwrite files arbitrary and execute malicious code on the underlying operating system. as the root user.
“These vulnerabilities were discovered during internal security testing by Jason Crowder of the Cisco Advanced Security Initiatives Group (ASIG),” the company noted in its advisory released Wednesday.
Cisco also addressed three other flaws in StarOS, Cisco Identity Services Engine RADIUS Service and Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure software –
- CVE-2022-20665 (CVSS Score: 6.0) – A command injection vulnerability in Cisco StarOS that could allow an attacker with administrative credentials to execute arbitrary code with root privileges
- CVE-2022-20756 (CVSS score: 8.6) – A Denial of Service (DoS) vulnerability affecting RADIUS function Cisco Identity Services Engine (ISE)
- CVE-2022-20762 (CVSS Score: 7.8) – A privilege escalation flaw in the Cisco Ultra Cloud Core Common Execution Environment (CEE) ConfD command-line interface – Subscriber Microservices Infrastructure (SMI) software that could allow an authenticated local attacker to escalate root privileges
Cisco also noted that it found no evidence of malicious exploitation of the vulnerabilities, adding that they were found during internal security testing or when resolving a Technical Assistance Center support case. (TAC) from Cisco.
Nevertheless, customers are advised to update to the latest versions as soon as possible to mitigate any potential attack in the wild.