Rewterz Threat Advisory – Multiple WordPress Plugin Vulnerabilities
April 8, 2022Rewterz Threat Alert – Remcos RAT – Active IOCs
April 8, 2022Rewterz Threat Advisory – Multiple WordPress Plugin Vulnerabilities
April 8, 2022Rewterz Threat Alert – Remcos RAT – Active IOCs
April 8, 2022Severity
Medium
Analysis Summary
CVE-2022-20774 CVSS:6.8
Cisco IP Phone 6800, 7800, and 8800 Series are vulnerable to cross-site request forgery, caused by improper authorization by the web-based interface. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform configuration changes on the affected device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2022-20781 CVSS:5.4
Cisco Web Security Appliance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-20741 CVSS:5.4
Cisco Secure Network Analytics Network Diagrams Application is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-20675 CVSS:5.4
Multiple Cisco Security Products are vulnerable to a denial of service, caused by an open port listener on TCP port 199. By connecting to TCP port 199, a remote attacker could exploit this vulnerability to crash the Simple Network Management Protocol (SNMP) service.
CVE-2022-20782 CVSS:6.5
Cisco Identity Services Engine could allow a remote authenticated attacker to obtain sensitive information, caused by improper enforcement of administrative privilege levels for high-value sensitive data. By navigating to a page that contains sensitive data, an attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Denial of Service
- Gain Access
- Cross-Site Scripting
- Information Disclosure
Indicator Of Compromise
CVE
- CVE-2022-20774
- CVE-2022-20781
- CVE-2022-20741
- CVE-2022-20675
- CVE-2022-20782
Affected Vendors
Cisco
Affected Products
- Cisco IP Phone 7800 Series
- Cisco IP Phone 8800 Series
- Cisco IP Phone 6800 Series
- Cisco Web Security Appliance
- Cisco Secure Network Analytics Network Diagrams Application
- Cisco Web Security Appliance
- Cisco Email Security Appliance (ESA)
- Cisco Secure Email and Web Manager
- Cisco Identity Services Engine
Remediation
Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information.