Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cisco fixed a critical arbitrary File Overwrite flaw in Enterprise Communication solutions

Cisco fixed a critical vulnerability in the Cisco Expressway series and TelePresence Video Communication Server (VCS) products. Cisco released security patches to address a critical vulnerability, tracked as CVE-2022-20812 (CVSS score of 9.0), in the Expressway series and TelePresence Video Communication Server (VCS). A remote attacker can trigger the flaw to overwrite files on the […]

Cisco Catalyst

Cisco fixed a critical vulnerability in the Cisco Expressway series and TelePresence Video Communication Server (VCS) products.

Cisco released security patches to address a critical vulnerability, tracked as CVE-2022-20812 (CVSS score of 9.0), in the Expressway series and TelePresence Video Communication Server (VCS).

A remote attacker can trigger the flaw to overwrite files on the underlying operating system with root privileges.

The vulnerability impacts Expressway Control (Expressway-C) and Expressway Edge (Expressway-E) devices.

“A vulnerability in the cluster database API of Cisco Expressway Series and Cisco TelePresence VCS could allow an authenticated, remote attacker with Administratorread-write privileges on the application to conduct absolute path traversal attacks on an affected device and overwrite files on the underlying operating system as a root user.” reads the advisory published by Cisco.

The root cause of the vulnerability is the insufficient input validation of user-supplied command arguments. Threat actors can trigger the flaw by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command.

The IT giant also addressed a Null Byte poisoning issue, tracked as CVE-2022-20813 (CVSS Score 9.0) in Expressway Series and TelePresence VCS.

“A vulnerability in the certificate validation of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.” reads the advisory.

The flaw is due to improper certificate validation. An attacker can trigger the vulnerability by using a man-in-the-middle technique to intercept the traffic between devices, and then using a crafted certificate to impersonate the endpoint. The attacker can view the intercepted traffic in clear text or manipulate it.

Both issues have been addressed with the release of Expressway series and TelePresence VCS release 14.0.7, but no workarounds that address these vulnerabilities are available.

The good news is that the IT giant is not aware of attacks in the wild exploiting these vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISCO)

[adrotate banner=”5″]

[adrotate banner=”13″]