Home Security Cisco Releases Safety Patches for New Vulnerabilities Impacting A number of Merchandise

Cisco Releases Safety Patches for New Vulnerabilities Impacting A number of Merchandise

by crpt os


Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month.

Tracked as CVE-2022-28199 (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK’s network stack, enabling a remote adversary to trigger a denial-of-service (DoS) condition and cause an impact on data integrity and confidentiality.

“If an error condition is observed on the device interface, the device may either reload or fail to receive traffic, resulting in a denial-of-service (DoS) condition,” Cisco said in a notice published on September 7.

CyberSecurity

DPDK refers to a set of libraries and optimized network interface card (NIC) drivers for fast packet processing, offering a framework and common API for high-speed networking applications.

Cisco said it investigated its product lineup and determined the following services to be affected by the bug, prompting the networking equipment maker to release software updates –

  • Cisco Catalyst 8000V Edge Software
  • Adaptive Security Virtual Appliance (ASAv), and
  • Secure Firewall Threat Defense Virtual (formerly FTDv)

Aside from CVE-2022-28199, Cisco has also resolved a vulnerability in its Cisco SD-WAN vManage Software that could “allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system.”

The company blamed the shortcoming – assigned the identifier CVE-2022-20696 (CVSS score: 7.5) – on the absence of “sufficient protection mechanisms” in the messaging server container ports. It credited Orange Business for reporting the vulnerability.

Successful exploitation of the flaw could permit the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload, Cisco said.

CyberSecurity

A third flaw remediated by Cisco is a vulnerability in the messaging interface of Cisco Webex App (CVE-2022-20863, CVSS score: 4.3), which could enable an unauthenticated, remote attacker to modify links or other content and conduct phishing attacks.

“This vulnerability exists because the affected software does not properly handle character rendering,” it said. “An attacker could exploit this vulnerability by sending messages within the application interface.”

Cisco credited Rex, Bruce, and Zachery from Binance Red Team for discovering and reporting the vulnerability.

Lastly, it also disclosed details of an authentication bypass bug (CVE-2022-20923, CVSS score: 4.0) affecting Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers, which it said will not be fixed owing to the products reaching end-of-life (EOL).

“Cisco has not released and will not release software updates to address the vulnerability,” it said, encouraging users to “migrate to Cisco Small Business RV132W, RV160, or RV160W Routers.”





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex