Rewterz Threat Update – Anonymous Collective’s Activity Round-Up – Russian-Ukrainian Cyber Warfare
April 7, 2022
Rewterz Threat Alert – WannaCry Ransomware – Active IOCs
Severity
Medium
Analysis Summary
CVE-2022-20763 CVSS:5.4
Cisco Webex Meetings could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper deserialization of Java code within login requests. By sending specially-crafted login requests, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.
CVE-2022-20784 CVSS:4.3
Cisco Web Security Appliance could allow a remote attacker to bypass security restrictions, caused by improper handling of certain character combinations inserted into a URL. By sending specially-crafted URLs, an attacker could exploit this vulnerability to bypass the web proxy and access web content that has been blocked by policy.
Impact
- Code Execution
- Security Bypass
Indicator Of Compromise
CVE
- CVE-2022-20763
- CVE-2022-20784
Affected Vendors
Cisco
Affected Products
- Cisco Webex Meetings
- Cisco Web Security Appliance (WSA)
- Cisco AsyncOS Software for Web Security Appliances (WSA)
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.