Nearly 50 security flaws addressed by Cisco

Forty-five security flaws in various Cisco products have been fixed in newly released patches, The Hacker News reports. Cisco Nexus Dashboard for data centers and cloud network infrastructures are impacted by the most severe vulnerabilities, tracked as CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861, which could be exploited to enable arbitrary command execution, image file reading or uploading, and cross-site request forgery attacks. Threat actors could also abuse a high-severity vulnerability in Cisco Nexus Dashboard's SSL/TLS implementation, tracked as CVE-2022-20860, to allow remote modification of communications with related controllers. "An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers," said Cisco. Moreover, Cisco also addressed 35 flaws impacting its Small Business RV110W, RV130, RV130W, and RV215W routers, which could be leveraged by attackers with administrator credentials for arbitrary code execution or denial-of-service.