CVE-2022-41048 Microsoft ODBC Driver Remote Code Execution Vulnerability

This is a different vulnerability from the one covered in Microsoft Security Advisory 2248355, which was published on March 20, 2018. This new CVE ID is also distinct from CVE-2022-41047. Unfortunately, there is no public information about the affected products or CWE IDs at this time.

Cisco Systems has released updates to close this vulnerability. The Cisco advisory explains that this critical remote code execution vulnerability is due to an insufficient check of the length of data sent to an ODBC function. This could allow a malicious user to execute code on a vulnerable system.

Cisco has released software updates for Cisco ESA, Cisco Firepower, Cisco Unified Contact Center, Cisco Unified Customer Experience platforms, Cisco WebEx, Cisco AnyConnect, Cisco Any port, Cisco Adaptive Security Appliance, Cisco Catalyst 6500 series Switches, Cisco 7600 series Routers, and Cisco M90 series Routers. End users should update to these releases immediately. Cisco Systems has also released software updates for Cisco FirePower, Cisco FirePOWER IronPort, Cisco FireSIGHT Management Center, Cisco Firepower Threat Intelligence Center, Cisco FireSIGHT Service Engine, and Cisco WebEx. End users should update to these releases immediately.

Cisco Firepower Software Update

Cisco Systems has released software updates to close this vulnerability. The Cisco advisory explains that this critical remote code execution vulnerability is due to an insufficient check of the length of data sent to an ODBC function. This could allow a malicious user to execute code on a vulnerable system. Cisco has released software updates for Cisco ESA, Cisco Firepower, Cisco Unified Contact Center, Cisco Unified Customer Experience platforms, Cisco WebEx, and Cisco AnyConnect. End users should update to these releases immediately. Cisco Systems has also released software updates for Cisco FirePower IronPort, Cisco FireSIGHT Management Center, and Cisco WebEx. End users should update to these releases immediately.

Cisco Firepower Threat Defense (FTD)

Cisco Firepower Threat Defense (FTD) is an enterprise security suite that helps organizations detect and respond to advanced threats, including zero-day attacks. It provides situational awareness across Cisco’s entire threat portfolio and offers proactive security against the latest cyber-threats.
The FTD appliance supports centralized management of multiple devices and a variety of physical sensors. The FTD appliance integrates with other Cisco security appliances, providing network visibility across the enterprise and helping to reduce the risk of breaches. The following devices are not impacted by this vulnerability: Cisco Dynamic Site-to-Site VPN, Cisco Application Control Engine, and Cisco Web Security Appliance.

Cisco FirePower

Cisco FirePOWER Security Solutions provide customers with defense-in-depth capabilities for advanced security, analytics, and compliance.

Cisco Firepower Software Updates

The Cisco Firepower software updates are available on the Cisco Software Catalog website.

Affected Products:
Cisco ESA (8.3 and later)
Cisco FirePOWER UTM (8.3 and later)
Cisco Firepower IRF (8.3 and later)
Cisco Firepower NGFW (8.3 and later)
Cisco Firepower Threat Defense (7.5 and later)
Cisco Unified Contact Center Enterprise Edition (9.1 and later)
FireSIGHT Management Center for Security Operations Manager
FireSIGHT Service Engine for Next Generation Security Services Engine (NGSE)
WebEx Business Suite, WebEx Meetings, WebEx Training Suite, WebEx Premium Support Plan
WebEx Connect 8.6, WebEx Meeting Space Viewer, WebEx Meeting Center Live Viewer
WebEx Meetings Standard Edition
WebEx Teams Standard Edition
Any port for Cisco ASA 5500-X Series Adaptive Security Appliance
Any port for Cisco Catalyst 6500 series Switches
