On Wednesday, Cisco released patches for ten different products that had security flaws, including one that was rated Critical in severity and could be exploited to carry out absolute path traversal attacks.
The vulnerabilities, which have been assigned the identifiers CVE-2022-20812 and CVE-2022-20813, are present in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). According to the company's advisory, these flaws "could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device."
It is necessary for an authenticated, remote attacker to have Administrator read-write privileges on the application in order to be able to mount path traversal attacks as a root user in the case of CVE-2022-20812 (CVSS score: 9.0), which is a vulnerability involving arbitrary file overwrite in the cluster database API. The CVSS score for this vulnerability is 9.0.
According to the statement made by the company, "this vulnerability is due to insufficient input validation of user-supplied command arguments." "An adversary could exploit this vulnerability by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command," says the article. "This would allow the adversary to take advantage of the vulnerability."
If the vulnerability is successfully exploited by the adversary, it may be possible for them to overwrite any files they want on the underlying operating system.
On the other hand, CVE-2022-20813 has been described as a null byte poisoning flaw that arises due to improper certificate validation. This vulnerability could be exploited by an attacker to stage a man-in-the-middle (MitM) attack and gain unauthorized access to sensitive data. The CVSS score for this vulnerability is 7.4.
A high-severity flaw was discovered in Cisco's Smart Software Manager On-Prem (CVE-2022-20808, CVSS score: 7.7). This flaw could be exploited by an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Cisco has since patched this vulnerability.
Fortinet has released updates and patches for a number of its products.
In a separate but related development, Fortinet addressed as many as four high-severity vulnerabilities that affected FortiAnalyzer, FortiClient, FortiDeceptor, and FortiNAC. -
CVE-2021-43072 (CVSS score: 7.4) - Stack-based buffer overflow in FortiAnalyzer, FortiManager, FortiOS, and FortiProxy caused by crafted CLI executing the command
CVE-2021-41031 (CVSS score: 7.8) - Privilege Escalation in FortiClient for Windows due to a Directory Traversal Attack CVE-2022-30302 (CVSS score: 7.9) - Multiple vulnerabilities related to path traversal in the FortiDeceptor management interface, including CVE-2022-26117 (CVSS score: 8.0) - The MySQL root account in FortiNAC is not protected in any way
In the event that the vulnerabilities are successfully exploited, it may make it possible for an authenticated attacker to execute arbitrary code, retrieve and delete files, and access MySQL databases. Additionally, it may make it possible for a local unprivileged actor to escalate their permissions to SYSTEM levels.
Post a Comment
Your suggestions and comments are welcome