Cisco Releases a Series of Patches for Security Vulnerabilities in Numerous Products, Including Cisco Small Business Routers

While September 7 meant for many people getting up to speed with the latest iPhone and Apple Watch, for Cisco it was the day that security patches were released for several medium and high severity vulnerabilities. This article is about security patches released by Cisco.

The company posted a series of advisories in its Security Center and released four patches for a variety of bugs. The patches address high severity CVE-2022-20696, a link configuration vulnerability in Cisco SD-WAN vManage software, and CVE-2022-28199, a flaw in the NVIDIA Data Plane development kit. There are also patches for two medium severity bugs: CVE-2022-20863, a vulnerability in the Cisco Webex application messaging interface, and CVE-2022-2092, a vulnerability in the multi-router IPSec VPN server authentication function. Cisco Small Business.

The most serious vulnerability is NVIDIA's recent discovery related to the NVIDIA Data Plane Development Kit (MLNX_DPDK). According to Cisco, this vulnerability affects several products, including Cisco Catalyst 8000V Edge Software, Cisco Catalyst 8000V Edge Software, and Secure Firewall Threat Defense Virtual (formerly FTDv).

The second major flaw is a vulnerability in the binding configuration of Cisco SD-WAN vManage software containers that could allow an unauthenticated neighbor attacker that has access to the VPN0 logical network to also access the messaging service ports to access an affected system.

Described here is a medium severity bug affecting the Cisco Small Business RV110W, RV130, RV130W, and RV215W routers. Cisco also posted information about a Webex Meeting issue here.

The company also warned about what it calls a "configuration issue" in the home page (or captive portal) feature on Cisco Meraki MR series devices. A guide says:

A configuration option for the splash page feature (also known as captive portal) on Cisco Meraki MR Series devices can allow an administrator to configure an 802.11 WLAN where no traffic policies are applied to clients connecting to the network associated.

Insecure configuration is detected when an administrator configures a WLAN with home page access control and the pre-login captive portal strength is set to Allow non-HTTP traffic.

While this setting is intended to provide connectivity to wireless clients before they interact with the welcome page, the traffic policies are only applied after login is complete. A malicious user could exploit these insecure settings to bypass network policies, such as firewall rules, content filtering, and traffic settings that are configured to restrict traffic within the affected wireless network.

Cisco Meraki does not consider this to be a vulnerability in Cisco Meraki MR Software or the functionality of the splash page. It is considered a configuration problem.

Mistakes before adding an image to a website - read now