Thursday, August 11, 2022
HomeCyber SecurityCisco and Fortinet Launch Safety Patches for A number of Merchandise

Cisco and Fortinet Launch Safety Patches for A number of Merchandise

Cisco on Wednesday rolled out patches for 10 safety flaws spanning a number of merchandise, one among which is rated Vital in severity and may very well be weaponized to conduct absolute path traversal assaults.

The problems, tracked as CVE-2022-20812 and CVE-2022-20813, have an effect on Cisco Expressway Collection and Cisco TelePresence Video Communication Server (VCS) and “might permit a distant attacker to overwrite arbitrary information or conduct null byte poisoning assaults on an affected machine,” the corporate mentioned in an advisory.

CVE-2022-20812 (CVSS rating: 9.0), which considerations a case of arbitrary file overwrite within the cluster database API, requires the authenticated, distant attacker to have Administrator read-write privileges on the applying in order to have the ability to mount path traversal assaults as a root person.

“This vulnerability is because of inadequate enter validation of user-supplied command arguments,” the corporate mentioned. “An attacker might exploit this vulnerability by authenticating to the system as an administrative read-write person and submitting crafted enter to the affected command.”

Profitable exploitation of the flaw might allow the adversary to overwrite arbitrary information on the underlying working system.

CVE-2022-20813 (CVSS rating: 7.4), then again, has been described as a null byte poisoning flaw arising because of improper certificates validation, which may very well be weaponized by an attacker to stage a man-in-the-middle (MitM) assault and achieve unauthorized entry to delicate knowledge.


Additionally patched by Cisco is a high-severity flaw in its Good Software program Supervisor On-Prem (CVE-2022-20808, CVSS rating: 7.7) that may very well be abused by an authenticated, distant attacker to trigger a denial of service (DoS) situation on an affected machine.

Fortinet points fixes for a number of merchandise

In a associated growth, Fortinet addressed a number of high-severity vulnerabilities affecting FortiAnalyzer, FortiClient, FortiDeceptor, and FortiNAC –

  • CVE-2021-43072 (CVSS rating: 7.4) – Stack-based buffer overflow through crafted CLI execute command in FortiAnalyzer, FortiManager, FortiOS and FortiProxy
  • CVE-2021-41031 (CVSS rating: 7.8) – Privilege Escalation through listing traversal assault in FortiClient for Home windows
  • CVE-2022-30302 (CVSS rating: 7.9) – A number of path traversal vulnerabilities in FortiDeceptor administration interface, and
  • CVE-2022-26117 (CVSS rating: 8.0) – Unprotected MySQL root account in FortiNAC

Ought to the failings be efficiently exploited, it might permit an authenticated attacker to execute arbitrary code, retrieve and delete information, and entry MySQL databases, and even allow a neighborhood unprivileged actor to escalate to SYSTEM permissions.



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments