Rewterz Threat Advisory – Multiple Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
October 6, 2022Rewterz Threat Advisory – CVE-2022-20948 – Cisco BroadWorks Hosted Thin Receptionist Vulnerability
October 6, 2022Rewterz Threat Advisory – Multiple Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
October 6, 2022Rewterz Threat Advisory – CVE-2022-20948 – Cisco BroadWorks Hosted Thin Receptionist Vulnerability
October 6, 2022Severity
High
Analysis Summary
CVE-2022-20929
Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow a remote attacker to execute arbitrary code on the system, caused by insufficient cryptographic signature verification of upgrade files. By providing an administrator with an unauthentic upgrade file, an attacker could exploit this vulnerability to fully compromise the Cisco NFVIS system.
Impact
Code Execution
Indicators Of Compromise
CVE
- CVE-2022-20929
Affected Vendors
Cisco
Affected Products
- Cisco Enterprise NFV Infrastructure Software (NFVIS)
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.