Cisco on Wednesday rolled out patches for 10 safety flaws spanning a number of merchandise, one in all which is rated Crucial in severity and may very well be weaponized to conduct absolute path traversal assaults.
The problems, tracked as CVE-2022-20812 and CVE-2022-20813, have an effect on Cisco Expressway Collection and Cisco TelePresence Video Communication Server (VCS) and “may enable a distant attacker to overwrite arbitrary recordsdata or conduct null byte poisoning assaults on an affected machine,” the corporate mentioned in an advisory.
CVE-2022-20812 (CVSS rating: 9.0), which issues a case of arbitrary file overwrite within the cluster database API, requires the authenticated, distant attacker to have Administrator read-write privileges on the applying in order to have the ability to mount path traversal assaults as a root consumer.
“This vulnerability is because of inadequate enter validation of user-supplied command arguments,” the corporate mentioned. “An attacker may exploit this vulnerability by authenticating to the system as an administrative read-write consumer and submitting crafted enter to the affected command.”
Profitable exploitation of the flaw may allow the adversary to overwrite arbitrary recordsdata on the underlying working system.
CVE-2022-20813 (CVSS rating: 7.4), then again, has been described as a null byte poisoning flaw arising on account of improper certificates validation, which may very well be weaponized by an attacker to stage a man-in-the-middle (MitM) assault and achieve unauthorized entry to delicate knowledge.
Additionally patched by Cisco is a high-severity flaw in its Good Software program Supervisor On-Prem (CVE-2022-20808, CVSS rating: 7.7) that may very well be abused by an authenticated, distant attacker to trigger a denial of service (DoS) situation on an affected machine.
Fortinet points fixes for a number of merchandise
In a associated growth, Fortinet addressed a number of high-severity vulnerabilities affecting FortiAnalyzer, FortiClient, FortiDeceptor, and FortiNAC –
- CVE-2021-43072 (CVSS rating: 7.4) – Stack-based buffer overflow through crafted CLI execute command in FortiAnalyzer, FortiManager, FortiOS and FortiProxy
- CVE-2021-41031 (CVSS rating: 7.8) – Privilege Escalation through listing traversal assault in FortiClient for Home windows
- CVE-2022-30302 (CVSS rating: 7.9) – A number of path traversal vulnerabilities in FortiDeceptor administration interface, and
- CVE-2022-26117 (CVSS rating: 8.0) – Unprotected MySQL root account in FortiNAC
Ought to the failings be efficiently exploited, it could enable an authenticated attacker to execute arbitrary code, retrieve and delete recordsdata, and entry MySQL databases, and even allow a neighborhood unprivileged actor to escalate to SYSTEM permissions.
