Cisco ha publicado parches de seguridad para mitigar múltiples vulnerabilidades, entre ellas la CVE-2022-20658 de severidad critica, un atacante podría realizar escalamiento de privilegios, y otras vulnerabilidades de severidad media que afectarían a sus distintos productos.
Los productos afectados son:
- Cisco Adaptive Security Device Manager
- Cisco Enterprise Chat and Email
- Cisco IP Phones
- Cisco Prime Access Registrar Appliance
- Cisco Prime Infrastructure and Evolved Programmable Network Manager
- Cisco Secure Network Analytics
- Cisco Security Manager
- Cisco Tetration
- Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager
Información adicional:
- https://www.cert.gov.py/wp-content/uploads/2022/02/BOL-CERT-PY-2022-03_Multiples_vulnerabilidades_en_productos_Cisco.pdf
- https://www.govcert.gov.hk/en/alerts_detail.php?id=719
- https://www.cisa.gov/uscert/ncas/current-activity/2022/01/13/cisco-releases-security-updates-multiple-products
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-logging-jnLOY422
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-mult-xss-7hmOKQTt
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-reg-xss-zLOz8PfB
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO