Cisco has released updates to address vulnerabilities affecting multiple products.
One of them, identified as CVE-2022-28199 (CVSS 8.6), is due to improper error handling in the network stack of DPDK. It enables a remote attacker to cause a denial-of-service (DoS) condition and affects data integrity and confidentiality.
Cisco Products Affected by CVE-2022-28199
| Product | Fixed releases | Note |
|---|---|---|
| Cisco Catalyst 8000V Edge Software | 17.6.4; 17.9.1 and later | Only the 17.6, 17.7, and 17.8 versions are affected. |
| Adaptive Security Virtual Appliance (ASAv) | 9.17.1.x (release date TBD); 9.19.x and later | Only the 9.17 and 9.18 versions are affected. |
| Secure Firewall Threat Defense Virtual (formerly FTDv) | 22.214.171.124-x (release date TBD); 7.2.1.x (release date TBD); 7.3.x and later | Only the 7.1 and 7.2 versions are affected. |
Cisco has also fixed a flaw identified as CVE-2022-20696 (CVSS 7.5) in Cisco SD-WAN vManage Software. This vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system.
Another fix was issued for CVE-2022-20863, a vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, that could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface.
However, Cisco explained there would be no patches for this flaw because the impacted products (RV110W, RV130, RV130W, and RV215W Routers) have reached end-of-life. The vulnerability is not critical, but it is recommended to migrate to a supported router series.