- Cisco announced the release of patches for three vulnerabilities with CVSS scores of 8.6, 7.5, and 4.3.
- One of the vulnerabilities was found in NVIDIA’s distribution of the Data Plane Development Kit’s network stack, where error recovery is not handled properly.
- According to the security advisories published by Cisco, none of the vulnerabilities are being exploited in the wild currently.
Cisco rolled out multiple patches that are addressing multiple new vulnerabilities. One of those vulnerabilities is a high-severity weakness that was disclosed in NVIDIA Data Plane Development Kit last month. Cisco also stated that some vulnerabilities will not be patched because the devices, mostly small business VPN routers, have already reached end-of-life.
Vulnerabilities
One of the vulnerabilities, tracked as CVE-2022-28199, has a CVSS score of 8.6. It is caused by a vulnerability in the network stack in NVIDIA’s distribution of the Data Plane Development Kit, where the error recovery is not handled properly. It can allow a remote attacker to cause a denial of service and impact data integrity and confidentiality. Shortly after NVIDIA’s announcement, Cisco stated that some of its products are also affected, including:
- Cisco Catalyst 8000 Edge
- Adaptive Security Virtual Appliance
- Secure Firewall Threat Defense Virtual
Cisco also stated that there are no workarounds for this vulnerability but Cisco Catalyst 8000V Edge Software has a recovery mechanism. According to the advisory, there is no evidence that shows that this vulnerability is being exploited in the wild, but proof-of-concept exploit code is available for the vulnerability.
Another vulnerability, tracked as CVE-2022-20696, in the binding configuration of Cisco SD-WAN vManage Software containers is caused by the lack of sufficient protection mechanisms in messaging server container ports on an affected system. It can allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system by exploiting this vulnerability by connecting to the messaging service ports of the affected system. Any Cisco device that runs a vulnerable release of Cisco SD-WAN vManage Software is affected. As a workaround, admins can use access control lists to block ports 4222, 6222, and 8222, which are used by Cisco SD-WAN vManage Software messaging services.
The third vulnerability, tracked as CVE-2022-20863, was found in the messaging interface of the Cisco Webex App. This vulnerability exists because the software does not handle character rendering properly. It can be exploited by sending messages within the application interface. It allows attackers to modify the display of links or other content, which can cause conducting phishing or spoofing attacks. It only affects Cisco Webex App earlier than 42.7, the vulnerability is fixed in the newer versions.