March 3, 2022
Severity
High
Analysis Summary
CVE-2022-20762
Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure (SMI) could allow a local authenticated attacker to gain elevated privileges on the system, caused by insufficient access control in the Common Execution Environment (CEE) ConfD CLI. By authenticating as a CEE ConfD CLI user and executing a specific CLI command, an attacker could exploit this vulnerability to access privileged containers with root privileges.
CVE-2022-20756
Cisco Identity Services Engine is vulnerable to a denial of service, caused by improper handling of certain RADIUS requests. By attempting to authenticate to a network or a service where the access server is using Cisco ISE as the RADIUS server, a remote attacker could exploit this vulnerability to cause Cisco ISE to stop processing RADIUS packets.
CVE-2022-20665
Cisco StarOS could allow a local authenticated attacker to execute arbitrary commands on the system, caused by insufficient input validation of CLI commands. By sending specially crafted commands to the CLI, an attacker could exploit this vulnerability to execute arbitrary commands on the system with root privileges.
CVE-2022-20755
Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient input validation of user-supplied command arguments. By authenticating to the system as an administrative user and then submitting specially crafted input to the affected command, an attacker could exploit this vulnerability to execute arbitrary commands on the underlying operating system as the root user.
CVE-2022-20754
Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote authenticated attacker to overwrite arbitrary files on the system, caused by insufficient input validation of user-supplied command arguments. By authenticating to the system as an administrative user and then submitting specially crafted input to the affected command, an attacker could exploit this vulnerability to overwrite arbitrary files on the underlying operating system as the root user.
Impact
- Privilege Escalation
- Denial of Service
- Command Execution
- Unauthorized Access
Indicators of Compromise
CVE
- CVE-2022-20762
- CVE-2022-20756
- CVE-2022-20665
- CVE-2022-20755
- CVE-2022-20754
Affected Vendors
Cisco
Affected Products
- Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure (SMI)
- Cisco Identity Services Engine
- Cisco StarOS
- Cisco ASR 5000 Series
- Cisco Ultra Cloud Core – User Plane Function
- Cisco Virtualized Packet Core-Distributed Instance
- Cisco Virtualized Packet Core-Single Instance
- Cisco TelePresence Video Communication Server
- Cisco Expressway Series
Remediation
Refer to the Cisco Security Advisories for patch, upgrade, or suggested workaround information.
CVE-2022-20762
CVE-2022-20756
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp
CVE-2022-20665
CVE-2022-20755
CVE-2022-20754