Three high-severity vulnerabilities impacting Cisco's networking and communication products have been patched, according to SecurityWeek.
Cisco has addressed two of the flaws in its Expressway series and TelePresence Video Communication Server software. The first, tracked as CVE-2022-20814, could be exploited to intercept or modify traffic. Threat actors could leverage the second bug, tracked as CVE-2022-20853, to conduct cross-site request forgery attacks and cause a denial-of-service condition. Also addressed was a high-severity flaw in the Enterprise NFV Infrastructure Software, tracked as CVE-2022-20929. "An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system," said Cisco. Security advisories noting fixes for medium-severity flaws in BroadWorks, ATA, Jabber, Secure Web Appliance, Touch 10, Smart Software Manager On-Prem, and other access points have also been issued. Cisco added that there has been no evidence suggesting any active exploitation of the addressed bugs.
Private RSA host keys could be obtained from vulnerable SSH servers through a new passive attack method that observes computational faults during the signing process, which expose the private keys, The Hacker News reports.
BleepingComputer reports that widely used 3D computer graphics software suite Blender has been impacted by site outages due to distributed denial-of-service attacks that have been ongoing since the weekend.