Cisco has rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX DPDK) late last month.
The vulnerability, identified as CVE-2022-28199 (CVSS score: 8.6), results from improper error handling in the DPDK network stack, giving a remote attacker the ability to induce a denial-of-service (DoS) scenario and affect data integrity and confidentiality. The flaw, designated CVE-2022-20696 (CVSS score: 7.5), was attributed by the firm to the lack of “adequate protective mechanisms” in the message server container ports. Orange Business is credited for disclosing the vulnerability.
The messaging interface of the Cisco Webex App has a third flaw that has been fixed by Cisco (CVE-2022-20863, CVSS score: 4.3), which could allow a remote, unauthenticated attacker to change links or other content and launch phishing attacks.
For more such updates follow us on Google News ITsecuritywire News