Cisco Alert
2315Warning Date
Severity Level
Warning Number
Target Sector
13 January, 2022
● Medium
2022-4212
All
Cisco has released security updates to address several vulnerabilities in the following products:
- Cisco Tetration
- Cisco Secure Network Analytics
- Cisco Prime Access Registrar Appliance
- Cisco PI
- IP Conference Phone 7832
- IP Conference Phone 8832
- IP Phones 7811, 7821, 7841, and 7861
- IP Phones 8811, 8841, 8845, 8851, 8861, and 8865
- Unified IP Conference Phone 8831
- Unified IP Conference Phone 8831 for Third-Party Call Control
- Unified IP Phones 7945G, 7965G, and 7975G
- Unified SIP Phone 3905
- Wireless IP Phones 8821 and 8821-EX
- Cisco ECE
- Cisco Security Manager
- Cisco ASDM
- Cisco EPNM
Attacker could exploit these vulnerabilities by doing the following:
- Cross-site scripting (XSS)
- Information Disclosure Vulnerability
- Command injection
The CERT team encourages users to review Cisco security advisory and apply the necessary updates:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-reg-xss-zLOz8PfB
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-mult-xss-7hmOKQTt
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-logging-jnLOY422