Cisco Products Multiple Vulnerabilities

Release Date: 26 Oct 2022

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Cisco Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and data manipulation on the targeted system.

Notes:

CVE-2020-3153 and CVE-2020-3433 are being exploited in the wild. These two vulnerabilities require local and authenticated attacker to exploit, the risk level is rated as High Risk.

Impact

Remote Code Execution
Data Manipulation

System / Technologies affected

Cisco AnyConnect Secure Mobility Client

Please refer to the link below for detail:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj

Vulnerability Identifier

CVE-2020-3153
CVE-2020-3433

Source

Cisco

2022年10月26日星期三

Cisco Products Multiple Vulnerabilities

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Source

Related Link

沒有留言:

發佈留言

惡意軟件警報 - 零售商成為 Scattered Spider 黑客組織勒索軟件攻擊的目標

舉報濫用