Endpoint/Device Security, Network Security, Data Security

Nearly 50 security flaws addressed by Cisco

Forty-five security flaws in various Cisco products have been fixed in newly released patches, The Hacker News reports. Cisco Nexus Dashboard for data centers and cloud network infrastructures is impacted by the most severe vulnerabilities, tracked as CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861, which could be exploited to enable arbitrary command execution, image file reading or uploading, and cross-site request forgery attacks.

Threat actors could also abuse a high-severity vulnerability in Cisco Nexus Dashboard's SSL/TLS implementation, tracked as CVE-2022-20860, to remotely modify communications with related controllers. "An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers," said Cisco.

Cisco also addressed 35 flaws impacting its Small Business RV110W, RV130, RV130W, and RV215W routers, which could be leveraged by attackers with administrator credentials for arbitrary code execution or denial-of-service.
