9VSA22-00679-01 CSIRT warns of new vulnerabilities in Cisco products
The Government CSIRT shares information on new vulnerabilities disclosed by Cisco.
Summary
The Computer Security Incident Response Team, the Government CSIRT, shares information on new vulnerabilities disclosed by Cisco.
Vulnerabilities
CVE-2022-20857
CVE-2022-20858
CVE-2022-20861
CVE-2022-20860
CVE-2022-20873
CVE-2022-20874
CVE-2022-20875
CVE-2022-20876
CVE-2022-20877
CVE-2022-20878
CVE-2022-20879
CVE-2022-20880
CVE-2022-20881
CVE-2022-20882
CVE-2022-20883
CVE-2022-20884
CVE-2022-20885
CVE-2022-20886
CVE-2022-20887
CVE-2022-20888
CVE-2022-20889
CVE-2022-20890
CVE-2022-20891
CVE-2022-20892
CVE-2022-20893
CVE-2022-20894
CVE-2022-20895
CVE-2022-20896
CVE-2022-20897
CVE-2022-20898
CVE-2022-20899
CVE-2022-20900
CVE-2022-20901
CVE-2022-20902
CVE-2022-20903
CVE-2022-20904
CVE-2022-20910
CVE-2022-20911
CVE-2022-20912
CVE-2022-20906
CVE-2022-20907
CVE-2022-20908
CVE-2022-20909
CVE-2022-20913
CVE-2022-20916
CVE-2022-20733
Impact
Critical-risk vulnerabilities
CVE-2022-20857: Arbitrary command execution vulnerability in Cisco Nexus Dashboard. An unauthenticated remote attacker can access a specific API running on the data network and execute arbitrary commands on an affected device.
CVE-2022-20858: Read and write vulnerability in Cisco Nexus Dashboard Container Image, which can allow an unauthenticated remote attacker to access a service running on the management and data networks of the affected device.
CVE-2022-20861: Cross-site request forgery (CSRF) vulnerability in Cisco Nexus Dashboard. It allows an unauthenticated remote attacker to carry out a cross-site request forgery attack on the affected device.
Affected products
Cisco Nexus Dashboard
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers
Cisco IoT Control Center
Mitigation
Install the respective updates provided by the vendor.
Links
https://tools.cisco.com/security/center/publicationListing.x
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20895
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20910
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20909
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20733
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA22-00679-01.