Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
June 2, 2023
Severity High Analysis Summary Shuckworm APT – aka Actinium, Armageddon, Primitive Bear, Gamaredon, and Trident Ursa – is a Russia-backed advanced persistent threat (APT) that has […]June 2, 2023Severity High Analysis Summary StormKitty information stealer is designed to compromise sensitive data from infected systems, such as login credentials, passwords, cryptocurrency wallets, and other valuable […]June 2, 2023Severity High Analysis Summary Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
June 2, 2023Severity High Analysis Summary Shuckworm APT – aka Actinium, Armageddon, Primitive Bear, Gamaredon, and Trident Ursa – is a Russia-backed advanced persistent threat (APT) that has […]June 2, 2023Severity High Analysis Summary StormKitty information stealer is designed to compromise sensitive data from infected systems, such as login credentials, passwords, cryptocurrency wallets, and other valuable […]June 2, 2023Severity High Analysis Summary Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – ICS: Johnson Controls Metasys SCT Pro Vulnerability
April 22, 2022Rewterz Threat Alert – Donot APT Group – Active IOCs
April 22, 2022
Severity
Medium
Analysis Summary
CVE-2022-20805 CVSS:4.1
Cisco Umbrella Secure Web Gateway could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the automatic decryption process. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass the decryption process.
CVE-2022-20790 CVSS:6.5
Cisco Unified Communications products could allow a remote authenticated attacker to obtain sensitive information, caused by improper input validation in the web-based management interface. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2022-20789 CVSS:4.9
Cisco Unified Communications products could allow a remote authenticated attacker to bypass security restrictions, caused by improper restrictions applied to a system script. By using crafted variables during the execution of a system upgrade, an attacker could exploit this vulnerability to overwrite or append arbitrary data to system files using root-level privileges.
CVE-2022-20804 CVSS:4.3
Cisco Unified Communications products are vulnerable to a denial of service, caused by incorrect processing of certain Cisco Discovery Protocol packets. By sending specially-crafted request, a remote attacker could exploit this vulnerability to cause a kernel panic.
Impact
- Security Bypass
- Information Disclosure
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-20805
- CVE-2022-20790
- CVE-2022-20789
- CVE-2022-20804
Affected Vendors
Cisco
Affected Products
- Cisco Umbrella Secure Web Gateway
- Cisco Unified Communications Manager (Unified CM)
- Cisco Unified Communications Manager Session Management Edition (Unified CM SME)
- Cisco Unified Communications Manager Session Management Edition (SME)
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.
CVE-2022-20805
CVE-2022-20790
CVE-2022-20789
CVE-2022-20804