Cisco Releases Security Updates for Multiple Products

Scheduled updates for Cisco products, including 1 Critical update as well as 3 High updates

Summary

Scheduled updates for Cisco products, including 1 Critical update as well as 3 High updates


The following platforms are also known to be affected:

Many Cisco products are affected by at least one of these vulnerabilities. Please review the advisories listed below for a full list of affected products.

Threat details

Introduction

Cisco has released security updates to address vulnerabilities in multiple products. The critical update concerns remote code execution (RCE) and information disclosure vulnerabilities in Redundancy Configuration Manager for Cisco StarOS Software. The other updates, rated as High, address vulnerabilities relating to CLI Command Injection, ConfD CLI Command Injection, and Snort Modbus Denial of Service.

A remote, unauthenticated attacker could exploit some of these vulnerabilities to take control of an affected system.


Remediation advice

Affected organisations are encouraged to review the following Cisco Security Advisories and apply the necessary updates or workarounds.


Remediation steps

Type: Patch
Step: Cisco Redundancy Configuration Manager for Cisco StarOS Software Multiple Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq

Type: Patch
Step: Multiple Cisco Products CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cli-cmdinj-4MttWZPB

Type: Patch
Step: ConfD CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confdcli-cmdinj-wybQDSSh

Type: Patch
Step: Multiple Cisco Products Snort Modbus Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj

Last edited: 20 January 2022 1:53 pm