Cisco Channel

2022-05-18 19:49:10 Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-strd-xss-BqFXO9D2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Enterprise%20Chat%20and%20Email%20Stored%20Cross-Site%20Scripting%20Vulnerability&vs_k=1

A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-strd-xss-BqFXO9D2



Security Impact Rating: Medium



CVE: CVE-2022-20802 Open / Comment

2022-05-18 19:48:11 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Expressway%20Series%20and%20Cisco%20TelePresence%20Video%20Communication%20Server%20Vulnerabilities&vs_k=1

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device.
For more information about these vulnerabilities, see the Details (#details) section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV


Security Impact Rating: Medium



CVE: CVE-2022-20806,CVE-2022-20807,CVE-2022-20809 Open / Comment

2022-05-18 19:47:10 Cisco Secure Network Analytics Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealth-rce-2hYb9KFK?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Secure%20Network%20Analytics%20Remote%20Code%20Execution%20Vulnerability&vs_k=1

A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system.
This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealth-rce-2hYb9KFK
Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see Meet Cisco Secure (https://www.cisco.com/c/en/us/products/security/secure-names.html).



Security Impact Rating: Medium



CVE: CVE-2022-20797 Open / Comment

2022-05-18 19:46:10 Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-UCS-XSS-uQSME3L7?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20UCS%20Director%20JavaScript%20Cross-Site%20Scripting%20Vulnerability&vs_k=1

A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system.
This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-UCS-XSS-uQSME3L7



Security Impact Rating: Medium



CVE: CVE-2022-20765 Open / Comment

2022-05-17 06:01:54 Join Cisco at KubeCon + CloudNativeCon Europe 2022 where the Emerging Technologies & Incubation team will be meeting with modern app developers, security and DevOps engineers.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss) Open / Comment

2022-05-17 06:01:53 Open / Comment

2022-05-17 06:01:51 Developers experience enterprise-ready cloud-native solutions for app security, monitoring, and lifecycle management
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2022/m05/developers-experience-enterprise-ready-cloud-native-solutions-for-application-security-monitoring-and-lifecycle-management.html?source=rss Open / Comment

2022-05-14 09:52:25 For more polls and quizzes go to @poppolls Open / Comment

2022-05-14 09:52:17 Open / Comment

2022-05-14 09:45:46 For more polls and quizzes go to @poppolls Open / Comment