Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks.
The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and "could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device," the company said in an advisory.
CVE-2022-20812 (CVSS score: 9.0), which concerns a case of arbitrary file overwrite in the cluster database API, requires the authenticated, remote attacker to have Administrator read-write privileges on the application in order to be able to mount path traversal attacks as a root user.
"This vulnerability is due to insufficient input validation of user-supplied command arguments," the company said. "An attacker could exploit this vulnerability by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command."
Successful exploitation of the flaw could permit the adversary to overwrite arbitrary files on the underlying operating system.
CVE-2022-20813 (CVSS score: 7.4), on the other hand, has been described as a null byte poisoning flaw arising from improper certificate validation, which could be weaponized by an attacker to stage a man-in-the-middle (MitM) attack and gain unauthorized access to sensitive data.
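The two input classes behind the Cisco flaws above, a path that escapes its intended directory and a string carrying an embedded NUL byte, are what server-side validation has to refuse before the value reaches the filesystem or a trust decision. The following is an added illustration written for this article, not code from Cisco or from the affected products; the root directory and names used with it are constructed samples.

```python
import os
import posixpath


class UnsafeInputError(ValueError):
    """Raised when user-supplied input must not reach the filesystem or a trust check."""


def reject_nul(value: str, what: str) -> None:
    # A NUL byte terminates a C string: C-based code sees only the prefix,
    # while higher-level code still sees the full value, so the two disagree.
    if "\x00" in value:
        raise UnsafeInputError(f"{what} contains an embedded NUL byte")


def resolve_under_root(root: str, user_path: str) -> str:
    """Return an absolute path for `user_path` confined to `root`, or raise.

    Rejects absolute paths, '..' segments and NUL bytes, then verifies that the
    fully resolved result (symlinks followed) still lies inside `root`.
    """
    reject_nul(user_path, "path")
    if user_path.startswith(("/", "\\")):
        raise UnsafeInputError("absolute path supplied")
    normalized = posixpath.normpath(user_path.replace("\\", "/"))
    parts = normalized.split("/")
    if normalized == "." or any(part in ("..", "") for part in parts):
        raise UnsafeInputError("path is empty or escapes its directory")
    root_abs = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_abs, *parts))
    # realpath() follows symlinks, so containment is checked after resolution too.
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        raise UnsafeInputError("resolved path escapes the root")
    return candidate


def is_safe_path(root: str, user_path: str) -> bool:
    try:
        resolve_under_root(root, user_path)
        return True
    except UnsafeInputError:
        return False


def cn_matches_host(cert_cn: str, expected_host: str) -> bool:
    # A certificate name like "good.example\0.other.test" must never be
    # accepted for "good.example": refuse any name carrying a NUL byte.
    if "\x00" in cert_cn or "\x00" in expected_host:
        return False
    return cert_cn.lower() == expected_host.lower()
```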
Also patched by Cisco is a high-severity flaw in its Smart Software Manager On-Prem (CVE-2022-20808, CVSS score: 7.7) that could be abused by an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
Fortinet issues fixes for multiple products
In a related development, Fortinet addressed as many as four high-severity vulnerabilities affecting FortiAnalyzer, FortiClient, FortiDeceptor, and FortiNAC:
- CVE-2021-43072 (CVSS score: 7.4) – Stack-based buffer overflow via crafted CLI execute command in FortiAnalyzer, FortiManager, FortiOS and FortiProxy
- CVE-2021-41031 (CVSS score: 7.8) – Privilege escalation via directory traversal attack in FortiClient for Windows
- CVE-2022-30302 (CVSS score: 7.9) – Multiple path traversal vulnerabilities in the FortiDeceptor management interface, and
- CVE-2022-26117 (CVSS score: 8.0) – Unprotected MySQL root account in FortiNAC
Should the flaws be successfully exploited, they could allow an authenticated attacker to execute arbitrary code, retrieve and delete files, and access MySQL databases, or even enable a local unprivileged actor to escalate to SYSTEM permissions.