Cisco has unveiled fixes for four security vulnerabilities impacting its products, including a high-severity vulnerability in its Secure Email and Web Manager and Email Security Appliance, The Register reports.
Threat actors with the necessary appliance permissions could exploit the flaw, tracked as CVE-2022-20664, to facilitate the exfiltration of sensitive data, although in-the-wild abuse has not yet been reported.
"This vulnerability is due to a lack of proper input sanitization while querying the external authentication server," said Cisco. Three other medium-severity bugs have been addressed by Cisco, including one, tracked as CVE-2022-20829, which affects Cisco Adaptive Security Device Manager software image packaging and Cisco Adaptive Security Appliance software image validation.
Meanwhile, the CLI parser of Cisco's FirePOWER Software for Adaptive Security Appliance FirePOWER module is impacted by a flaw, tracked as CVE-2022-20828, which could be abused by attackers with administrative access.
Malicious actors could also abuse a Cisco Enterprise Chat and Email web interface flaw, tracked as CVE-2022-20802, to launch cross-site scripting attacks.