This vulnerability was discovered by Lukas Toth of Cisco Vulnerability Research Team. Cisco released security advisories for the following products: Cisco AnyConnect Secure Mobility VPN — Cisco Unified Computing System (UCS) — Cisco UCS Manager — Cisco WebEx — Cisco AnyConnect — Cisco FirePOWER — Cisco Firepower Threat Detection System — Cisco AnyConnect Secure Mobility VPN

Cisco Unified Communications Manager

Cisco Unified Communications Manager (CUCM) is a telephony and unified communications system for Cisco TelePresence systems.
This vulnerability allows remote attackers to trigger the installation of unsigned software packages, leading to the authentication bypass and execution of arbitrary code.

Cisco Unified Computing System (UCS)

The vulnerability is in the Cisco Unified Computing System (UCS) Manager component of UCS. This vulnerability is being exploited by a cross-site scripting attack.

Cisco UCS and Cisco UCS Manager

The Cisco UCS Manager and the Cisco UCS Mange have both been updated to version 10.5.2. Cisco also released a patch for this vulnerability.

Cisco FirePOWER

FirePOWER is a security and compliance appliance that provides the visibility, policy enforcement, control and reporting needed to protect against cyber-threats. Firepower Threat Detection System (FTDS) is an integrated endpoint security solution that delivers intelligence across the network of any size.


Published on: 10/13/2022 23:15:00 UTC
Last modified on: 10/19/2022 14:08:00 UTC