This week, Cisco announced the availability of patches for a severe flaw in the Cisco Expressway series and TelePresence Video Communication Server (VCS) devices that might allow an attacker to overwrite files with root capabilities on the underlying operating system.
Expressway Control (Expressway-C) and Expressway Edge (Expressway-E) devices, designed to provide remote collaboration for both mobile users and teleworkers, are reportedly affected by the vulnerability, according to Cisco.
In a security advisory, Cisco warns that “multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or carry out null byte poisoning attacks on an affected device.”
Read More: https://www.securityweek.com/cisco-patches-critical-vulnerability-enterprise-communication-solutions