On 22^nd July 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) released an advisory on Cisco Systems Inc. addressing multiple vulnerabilities in Cisco products. Threat actors could exploit by allowing an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.

According to the report, Cisco has provided security patches for the following are the six security vulnerabilities,

• CVE-2022-20857, CVE-2022-20858, CVE-2022-20861: Cisco Nexus Dashboard Unauthorized Access Vulnerabilities (Severity: Critical)
• CVE-2022-20860: Cisco Nexus Dashboard SSL Certificate Validation Vulnerability (Severity: High)
• CVE-2022-20873, CVE-2022-20874, CVE-2022-20875: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities (Severity: Medium)
• CVE-2022-20906, CVE-2022-20907, CVE-2022-20908, CVE-2022-20909: Cisco Nexus Dashboard Privilege Escalation Vulnerabilities (Severity: Medium)
• CVE-2022-20913: Cisco Nexus Dashboard Arbitrary File Write Vulnerability (Severity: Medium)
• CVE-2022-20916: Cisco IoT Control Center Cross-Site Scripting Vulnerability (Severity: Medium)

Cisco has provided the latest software patches to address these vulnerabilities and has said that no workarounds are available.  It’s recommended to all private and public sector organizations to install the security patches immediately.

Source:

• https://www.cisa.gov/uscert/ncas/current-activity/2022/07/22/cisco-releases-security-updates-multiple-products
• https://tools.cisco.com/security/center/publicationListing.x