Cisco announced on Wednesday that it has patched potentially serious vulnerabilities in some of its networking and communications products, including Enterprise NFV, Expressway and TelePresence.
Customers have been informed by the company that two very serious vulnerabilities exist in both its Expressway series and TelePresence Video Communication Server software. Cisco has resolved a high-severity problem with the Enterprise NFV Infrastructure Software (NFVIS) that involved the signature of upgrade files not being correctly checked.
A man-in-the-middle attack can be used to access sensitive data using one of these flaws, which is identified as CVE-2022-20814 and related to improper certificate validation. If the flaw is exploited effectively, the attacker may be able to intercept or modify traffic.