Skip to main content

Cisco Releases Security Updates for Multiple Products

Scheduled updates for Cisco products address 3 vulnerabilities in VIM, Umbrella Virtual Appliance, RoomOS Software, and TelePresence CE Software

Threat ID:
CC-4085
Threat Severity:
Information only
Published:
25 April 2022 4:59 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Cisco products address 3 vulnerabilities in VIM, Umbrella Virtual Appliance, RoomOS Software, and TelePresence CE Software

The following platforms are also known to be affected:

Cisco RoomOS Software in Cloud-Aware On-Premises operation, which is cloud based, and Cisco TelePresence CE Software if they are running vulnerable releases and have H.323 Mode enabled.

Threat details

Introduction

Cisco has released security updates to address vulnerabilities in multiple products, which include a privilege escalation vulnerability, a static SSH Host Key vulnerability, and a denial of service vulnerability. A remote, unauthenticated attacker could exploit some of these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review the following Cisco Security Advisories and apply the necessary updates or workarounds.

Remediation steps

Type Step
Patch

Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability | cisco-sa-vim-privesc-T2tsFUf


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vim-privesc-T2tsFUf
Patch

Cisco Umbrella Virtual Appliance Static SSH Host Key Vulnerability | cisco-sa-uva-static-key-6RQTRs4c


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c
Patch

Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability | cisco-sa-ce-roomos-dos-c65x2Qf2


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ce-roomos-dos-c65x2Qf2

CVE Vulnerabilities

Status Published

CVE-2022-20732

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device.
Status Published

CVE-2022-20773

A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA.
Status Published

CVE-2022-20783

A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted H.323 traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to either reboot normally or reboot into maintenance mode, which could result in a DoS condition on the device.

Last edited: 25 April 2022 4:59 pm