Cisco and Fortinet Release Security Patches for Multiple Products

Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks.

The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server and “Could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device,” the company said in an advisory.

CVE-2022-20812, which concerns a case of arbitrary file overwrite in the cluster database API, requires the authenticated, remote attacker to have Administrator read-write privileges on the application so as to be able to mount path traversal attacks as a root user.

CVE-2022-20813, on the other hand, has been described as a null byte poisoning flaw arising due to improper certificate validation, which could be weaponized by an attacker to stage a man-in-the-middle attack and gain unauthorized access to sensitive data.

CVE-2021-41031 – Privilege Escalation via directory traversal attack in FortiClient for Windows.

CVE-2022-26117 – Unprotected MySQL root account in FortiNAC. Should the flaws be successfully exploited, it may allow an authenticated attacker to execute arbitrary code, retrieve and delete files, and access MySQL databases, or even permit a local unprivileged actor to escalate to SYSTEM permissions.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Fill out the form below and get an answer from our experts within 1 business day.
Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.
PCI-DSS

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

Scroll to Top

BOOK A MEETING

Enter Your
Corporate Email

Restez Informés!

Abonnez-vous pour rester au fait des dernières tendances, menaces, nouvelles et statistiques dans l’industrie.