Cisco Security Advisories — July 2022 — Cisco Security Advisories

cisco-sa-iotcc-xss-WQrCLRVd

Cisco PSIRTHIGH2022-07-20

Cisco IoT Control Center Cross-Site Scripting Vulnerability

CVEs:CVE-2022-20916

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-287188	affected	Cisco	—	—

Upstream advisory

cisco-sa-ise-lifetime-pwd-GpCs76mb

Cisco PSIRTHIGH2022-07-20

Cisco Identity Services Engine Administrator Password Lifetime Expiration Issue

Upstream advisory

cisco-sa-nd-tlsvld-TbAQLp3N

Cisco PSIRTHIGH2022-07-20

Cisco Nexus Dashboard SSL Certificate Validation Vulnerability

CVEs:CVE-2022-20860

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-280977	affected	Cisco	—	—

Upstream advisory

cisco-sa-ndb-afw-2MT9tb99

Cisco PSIRTHIGH2022-07-20

Cisco Nexus Dashboard Arbitrary File Write Vulnerability

CVEs:CVE-2022-20913

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-280977	affected	Cisco	—	—

Upstream advisory

cisco-sa-ndb-mhcvuln-vpsBPJ9y

Cisco PSIRTMEDIUM2022-07-20

Cisco Nexus Dashboard Unauthorized Access Vulnerabilities

CVEs:CVE-2022-20857 CVE-2022-20858 CVE-2022-20861

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-280977	affected	Cisco	—	—

Upstream advisory

cisco-sa-ndb-mprvesc-EMhDgXe5

Cisco PSIRTHIGH2022-07-20

Cisco Nexus Dashboard Privilege Escalation Vulnerabilities

CVEs:CVE-2022-20906 CVE-2022-20907 CVE-2022-20908 CVE-2022-20909

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-280977	affected	Cisco	—	—

Upstream advisory

cisco-sa-sb-rv-rce-overflow-ygHByAK

Cisco PSIRTHIGH2022-07-20

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

CVEs:CVE-2022-20873 CVE-2022-20874 CVE-2022-20875 CVE-2022-20876 CVE-2022-20881 CVE-2022-20877 CVE-2022-20878 CVE-2022-20879 CVE-2022-20880 CVE-2022-20882 CVE-2022-20883 CVE-2022-20884 CVE-2022-20885 CVE-2022-20886 CVE-2022-20887 CVE-2022-20888 CVE-2022-20889 CVE-2022-20890 CVE-2022-20891 CVE-2022-20892 CVE-2022-20893 CVE-2022-20894 CVE-2022-20895 CVE-2022-20896 CVE-2022-20897 CVE-2022-20898 CVE-2022-20899 CVE-2022-20900 CVE-2022-20901 CVE-2022-20902 CVE-2022-20903 CVE-2022-20904 CVE-2022-20910 CVE-2022-20911 CVE-2022-20912

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-183630	affected	Cisco	—	—

Upstream advisory

cisco-sa-cucm-imp-afr-YBFLNyzd

Cisco PSIRTHIGH2022-07-06

Cisco Unified Communications Products Arbitrary File Read Vulnerability

CVEs:CVE-2022-20791

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-189784	affected	Cisco	—	—
CVRFPID-277610	affected	Cisco	—	—
CVRFPID-88444	affected	Cisco	—	—

Upstream advisory

cisco-sa-cucm-xss-RgH7MpKA

Cisco PSIRTHIGH2022-07-06

Cisco Unified Communications Products Cross-Site Scripting Vulnerability

CVEs:CVE-2022-20800

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-189784	affected	Cisco	—	—
CVRFPID-277610	affected	Cisco	—	—
CVRFPID-73608	affected	Cisco	—	—
CVRFPID-88444	affected	Cisco	—	—

Upstream advisory

cisco-sa-cucm-xss-ksKd5yfA

Cisco PSIRTHIGH2022-07-06

Cisco Unified Communications Products Cross-Site Scripting Vulnerability

CVEs:CVE-2022-20815

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-189784	affected	Cisco	—	—
CVRFPID-88444	affected	Cisco	—	—

Upstream advisory

cisco-sa-expressway-overwrite-3buqW8LH

Cisco PSIRTHIGH2022-07-06

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

CVEs:CVE-2022-20813 CVE-2022-20812

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-209614	affected	Cisco	—	—

Upstream advisory

cisco-sa-onprem-privesc-tP6uNZOS

Cisco PSIRTHIGH2022-07-06

Cisco Smart Software Manager On-Prem Denial of Service Vulnerability

CVEs:CVE-2022-20808

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-274027	affected	Cisco	—	—

Upstream advisory

cisco-sa-roomos-infodisc-YOTz9Ct7

Cisco PSIRTHIGH2022-07-06

Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability

CVEs:CVE-2022-20768

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-265966	affected	Cisco	—	—
CVRFPID-278404	affected	Cisco	—	—

Upstream advisory

cisco-sa-ucm-access-dMKvV2DY

Cisco PSIRTHIGH2022-07-06

Cisco Unified Communications Products Access Control Vulnerability

CVEs:CVE-2022-20859

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-189784	affected	Cisco	—	—
CVRFPID-277610	affected	Cisco	—	—
CVRFPID-88444	affected	Cisco	—	—

Upstream advisory

cisco-sa-ucm-file-read-qgjhEc3A

Cisco PSIRTHIGH2022-07-06

Cisco Unified Communications Manager Arbitrary File Read Vulnerability

CVEs:CVE-2022-20862

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-88444	affected	Cisco	—	—

Upstream advisory

cisco-sa-ucm-timing-JVbHECOK

Cisco PSIRTHIGH2022-07-06

Cisco Unified Communications Products Timing Attack Vulnerability

CVEs:CVE-2022-20752

Affected products

Product	Status	Vendor	Package	Ecosystem
CVRFPID-277610	affected	Cisco	—	—
CVRFPID-88444	affected	Cisco	—	—

Upstream advisory

Advisories

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Need live exploit intelligence?