Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote malicious user to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco telepresence video communication server |
||
cisco expressway |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources No, Windows Autopatch didn't kill the monthly patchapalooza Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant
Patch Tuesday Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live — with a slew of caveats — the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit. Let's start with the one that miscreants have already found and exploited. CVE-2022-22047 is an elevation of privilege vuln in Windows' Client Server Runtime Subsystem (CSRSS). Microsoft deemed it an "important" secu...