Cisco Releases Security Advisories for Multiple Products

Twelve advisories address one Critical, three High, and eight Medium impact vulnerabilities for Cisco routers, IP phones, and other software as well as hardware products.

Threat ID:: CC-4244
Threat Severity:: Information only
Published:: 12 January 2023 3:28 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Twelve advisories address one Critical, three High, and eight Medium impact vulnerabilities for Cisco routers, IP phones, and other software as well as hardware products.

Affected platforms

The following platforms are known to be affected:

Cisco IP Phone

Cisco Webex RoomOS

Cisco Network Services Orchestrator

The following platforms are also known to be affected:

RV016 Multi-WAN VPN Routers
RV042 Dual WAN VPN Routers
RV042G Dual Gigabit WAN VPN Routers
RV082 Dual WAN VPN Routers
RV340 Dual WAN Gigabit VPN Routers
RV340W Dual WAN Gigabit Wireless-AC VPN Routers
RV345 Dual WAN Gigabit VPN Routers
RV345P Dual WAN Gigabit POE VPN Routers
Cisco Industrial Network Director
Cisco BroadWorks Application Delivery Platform Device Management Software
Cisco BroadWorks Xtended Services Platform
Cisco TelePresence Collaboration Endpoint
Cisco CX Cloud Agent
Cisco Unified Intelligence Center

Threat details

Introduction

The twelve advisories address one Critical, three High, and eight Medium impact vulnerabilities in multiple products. The Critical advisory concerns arbitrary code execution and authentication bypass. The other advisories concern bypass of authentication as well as cross-site scripting, denial of service, server-side request forgery, and privilege escalation.

An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of a system.

Remediation advice

Affected organisations are encouraged to review the following Cisco Security Advisories for more information.

Remediation steps

Type	Step
Guidance	Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5
Patch	Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR
Patch	Cisco Industrial Network Director Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG
Patch	Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-dos-HpkeYzp
Patch	Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Remote Code Execution and Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rcedos-7HjP74jD
Guidance	Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-cmd-exe-n47kJQLE
Patch	Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK
Patch	Cisco Network Services Orchestrator Path Traversal Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg
Patch	Cisco Webex Room Phone and Cisco Webex Share Link Layer Discovery Protocol Memory Leak Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lldp-memlk-McOecPT
Patch	Cisco CX Cloud Agent Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ
Patch	Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX
Patch	Cisco BroadWorks Application Delivery Platform, Application Server, and Xtended Services Platform Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-xss-EzqDXqG4

Definitive source of threat updates

https://sec.cloudapps.cisco.com/security/center/publicationListing.x

CVE Vulnerabilities

CVE-2023-20025

CVE-2023-20026

CVE-2023-20037

CVE-2023-20038

CVE-2023-20018

CVE-2023-20020

Last edited: 12 January 2023 3:35 pm