Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability

Advisory ID:cisco-sa-ce-roomos-dos-c65x2Qf2First Published:2022 April 20 16:00 GMTVersion 1.0:FinalWorkarounds:No workarounds availableCisco Bug IDs:CSCvz55702CVSS Score:Base 7.5CVE-2022-20783CWE-1287 Download CVRFEmail Summary A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.This vulnerability is due to insufficient input validation. An …

Cisco Umbrella Virtual Appliance Static SSH Host Key Vulnerability

Advisory ID:cisco-sa-uva-static-key-6RQTRs4cFirst Published:2022 April 20 16:00 GMTVersion 1.0:FinalWorkarounds:No workarounds availableCisco Bug IDs:CSCwa11399CVSS Score:Base 7.5CVE-2022-20773CWE-321 Download CVRFEmail Summary A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA.This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing …

Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability

Advisory ID: cisco-sa-vim-privesc-T2tsFUfFirst Published:2022 April 20 16:00 GMTVersion 1.0:FinalWorkarounds:YesCisco Bug IDs:CSCvz96773CVSS Score:Base 7.8CVE-2022-20732CWE-284 Summary A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged …