Cisco Security Advisories

Cisco IOS XR Software Health Check Open Port Vulnerability

Fri, 2022-05-20 16:00
<p>A vulnerability in the health check RPM of Cisco&nbsp;IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container.</p> <p>This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco&nbsp;IOS XR Software host system.</p> <p>Cisco&nbsp;has released software updates that address this vulnerability. There are workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20821
Categories: Security Alerts

Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability

Wed, 2022-05-18 23:00
<p>A vulnerability in the web applications of Cisco&nbsp;UCS Director could allow an authenticated, remote attacker to <span class="TextRun Highlight SCXO16456276 BCX2"><span class="NormalTextRun SCXO16456276 BCX2">conduct a cross-site scripting attack on an affected system.</span></span></p> <p>This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms.</p> <p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-UCS-XSS-uQSME3L7" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-UCS-XSS-uQSME3L7</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20765
Categories: Security Alerts

Cisco Secure Network Analytics Remote Code Execution Vulnerability

Wed, 2022-05-18 23:00
<p>A vulnerability in the web-based management interface of Cisco&nbsp;Secure Network Analytics, formerly Cisco&nbsp;Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system.</p> <p>This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly.</p> <p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealth-rce-2hYb9KFK" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealth-rce-2hYb9KFK</a></p> <p><strong>Attention</strong>: Simplifying the Cisco&nbsp;portfolio includes the renaming of security products under one brand: Cisco&nbsp;Secure. For more information, see&nbsp;<a href="https://www.cisco.com/c/en/us/products/security/secure-names.html">Meet Cisco&nbsp;Secure</a>.</p>
Security Impact Rating: Medium
CVE: CVE-2022-20797
Categories: Security Alerts

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

Wed, 2022-05-18 23:00
<p>Multiple vulnerabilities in the API and web-based management interfaces of Cisco&nbsp;Expressway Series and Cisco&nbsp;TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device.</p> <p>For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.</p> <p>Cisco&nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20806,CVE-2022-20807,CVE-2022-20809
Categories: Security Alerts

Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability

Wed, 2022-05-18 23:00
<p>A vulnerability in the web interface of Cisco&nbsp;Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.</p> <p>This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid <em>agent </em>credentials.</p> <p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-strd-xss-BqFXO9D2">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-strd-xss-BqFXO9D2</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20802
Categories: Security Alerts

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities

Wed, 2022-05-18 23:00
<p>Multiple vulnerabilities in the web-based management interface of Cisco&nbsp;Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.</p> <p>These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.&nbsp;</p> <p>Cisco&nbsp;has released software updates to address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-multi-xss-tyDFjhwb">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-multi-xss-tyDFjhwb</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20666,CVE-2022-20667,CVE-2022-20668,CVE-2022-20669,CVE-2022-20670,CVE-2022-20671,CVE-2022-20672,CVE-2022-20673,CVE-2022-20674
Categories: Security Alerts

Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability

Mon, 2022-05-16 18:45
<p>Multiple Cisco&nbsp;products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system.</p> <p>The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.</p> <p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq" target="_blank" rel="noopener">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq</a></p>
Security Impact Rating: Medium
CVE: CVE-2021-1236
Categories: Security Alerts

ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: May 2022

Thu, 2022-05-05 03:36
<p>On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:</p> <blockquote> <p>A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device.</p> </blockquote> <p>For a description of this vulnerability, see the <a href="https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html">ClamAV blog</a>.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-vL9x58p4">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-vL9x58p4</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20796
Categories: Security Alerts

ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022

Thu, 2022-05-05 03:36
<p>On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:</p> <blockquote> <p>A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.</p> </blockquote> <p>For a description of this vulnerability, see the <a href="https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html">ClamAV blog</a>.</p> <p>This advisory will be updated as additional information becomes available.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd" target="_blank" rel="noopener">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20770
Categories: Security Alerts

ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: May 2022

Thu, 2022-05-05 03:36
<p>On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:&nbsp;</p> <blockquote> <p>A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.</p> </blockquote> <p>For a description of this vulnerability, see the <a href="https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html">ClamAV blog</a>.</p> <p>This advisory will be updated as additional information becomes available.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-html-XAuOK8mR" target="_blank" rel="noopener">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-html-XAuOK8mR</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20785
Categories: Security Alerts

ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022

Thu, 2022-05-05 03:36
<p>On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:</p> <blockquote> <p>A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.</p> </blockquote> <p>For a description of this vulnerability, see the <a href="https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html">ClamAV blog</a>.</p> <p>This advisory will be updated as additional information becomes available.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-ZAZBwRVG" target="_blank" rel="noopener">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-ZAZBwRVG</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20771
Categories: Security Alerts

Cisco Enterprise NFV Infrastructure Software Vulnerabilities

Wed, 2022-05-04 23:00
<p> Multiple vulnerabilities in Cisco&nbsp;Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the <em>root</em> level, or leak system data from the host to the VM.</p> <p>For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.</p> <p>Cisco&nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9</a></p>
Security Impact Rating: Critical
CVE: CVE-2022-20777,CVE-2022-20779,CVE-2022-20780
Categories: Security Alerts

Cisco SD-WAN vManage Software Information Disclosure Vulnerability

Wed, 2022-05-04 23:00
<p>A vulnerability in Cisco&nbsp;SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system.</p> <p>This vulnerability is due to insufficient file system restrictions. An authenticated attacker with <em>netadmin </em>privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.</p> <p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.&nbsp;</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmge-infodc-WPSkAMhp" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmge-infodc-WPSkAMhp</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20734
Categories: Security Alerts

Cisco Small Business RV Series Routers Command Injection Vulnerabilities

Wed, 2022-05-04 23:00
<p>Multiple vulnerabilities in the web-based management interface of Cisco&nbsp;Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.</p> <p>These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid <em>Administrator</em> credentials on the affected device.</p> <p>Cisco&nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-rv-cmd-inj-8Pv9JMJD" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-rv-cmd-inj-8Pv9JMJD</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20799,CVE-2022-20801
Categories: Security Alerts

Cisco Small Business RV Series Routers Remote Code Execution Vulnerability

Wed, 2022-05-04 23:00
<p>A vulnerability in web-based management interface of Cisco&nbsp;Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.</p> <p>This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid <em>Administrator</em>&nbsp;credentials on the affected device.</p> <p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbrv-rce-OYLQbL9u" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbrv-rce-OYLQbL9u</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20753
Categories: Security Alerts

Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities

Wed, 2022-05-04 23:00
<p>Multiple vulnerabilities in the web engine of Cisco&nbsp;TelePresence Collaboration Endpoint (CE) Software and Cisco&nbsp;RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination.</p> <p>For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.</p> <p>Cisco&nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ROS-DOS-X7H7XhkK" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ROS-DOS-X7H7XhkK</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20764,CVE-2022-20794
Categories: Security Alerts

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability

Wed, 2022-04-27 23:00
<p>A vulnerability in the DNS inspection handler of Cisco&nbsp;Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device.</p> <p>This vulnerability is due to a lack of proper processing of incoming requests. An attacker could exploit this vulnerability by sending crafted DNS requests at a high rate to an affected device. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition.&nbsp;</p> <p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-nJVAwOeq" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-nJVAwOeq</a></p> <p>This advisory is part of the April 2022 release of the Cisco&nbsp;ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74836">Cisco&nbsp;Event Response: April 2022 Cisco&nbsp;ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
Security Impact Rating: High
CVE: CVE-2022-20760
Categories: Security Alerts

Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities

Wed, 2022-04-27 23:00
<p>Multiple vulnerabilities in the web-based management interface of Cisco&nbsp;Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.</p> <p>These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.</p> <p>Cisco&nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-qXz4uAkM" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-qXz4uAkM</a></p> <p>This advisory is part of the April 2022 release of the Cisco&nbsp;ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74836">Cisco&nbsp;Event Response: April 2022 Cisco&nbsp;ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
Security Impact Rating: Medium
CVE: CVE-2022-20627,CVE-2022-20628,CVE-2022-20629
Categories: Security Alerts

Cisco Firepower Management Center File Upload Security Bypass Vulnerability

Wed, 2022-04-27 23:00
<p>A vulnerability in the web management interface of Cisco&nbsp;Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system.</p> <p>This vulnerability is due to improper validation of files uploaded to the web management interface of Cisco&nbsp;FMC Software. An attacker could exploit this vulnerability by uploading a maliciously crafted file to a device running affected software. A successful exploit could allow the attacker to store malicious files on the device, which they could access later to conduct additional attacks, including executing arbitrary code on the affected device with <em>root</em> privileges.</p> <p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-security-bypass-JhOd29Gg" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-security-bypass-JhOd29Gg</a></p> <p>This advisory is part of the April 2022 release of the Cisco&nbsp;ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74836">Cisco&nbsp;Event Response: April 2022 Cisco&nbsp;ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
Security Impact Rating: High
CVE: CVE-2022-20743
Categories: Security Alerts

Cisco Firepower Management Center Software Information Disclosure Vulnerability

Wed, 2022-04-27 23:00
<p>A vulnerability in the input protection mechanisms of Cisco&nbsp;Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization.</p> <p>This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization.</p> <p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p> <p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infdisc-guJWRwQu" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infdisc-guJWRwQu</a></p> <p>This advisory is part of the April 2022 release of the Cisco&nbsp;ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see <a href="https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74836">Cisco&nbsp;Event Response: April 2022 Cisco&nbsp;ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
Security Impact Rating: Medium
CVE: CVE-2022-20744
Categories: Security Alerts

Pages