Cisco has released software updates that address these vulnerabilities. There are no workarounds or mitigations that can be applied to reduce the risk of exploitation. If you are running Cisco FMC Software version 11.2 or earlier, you should upgrade to version 11.3. Cisco FMC Software version 11.3 or later is not affected by these issues. Cisco recommends that you install the updated software version as soon as possible. In addition, Cisco FMC Software version 11.2 or earlier is not affected by another issue in which the input to the Cisco FMC Software email notification feature could be intentionally modified, allowing an attacker to send a forged email notification to an affected system administrator. Cisco FMC Software version 11.3 addresses this issue. Cisco FMC Software version 11.2 or earlier is not affected by another issue in which the input to the Cisco FMC Software web-based management interface could be unintentionally modified, allowing an attacker to conduct a cross-site scripting (XSS) attack against users of the interface. Cisco FMC Software version 11.3 addresses this issue. Cisco FMC Software version 11.2 or earlier is not affected by another issue in which the input to the Cisco FMC Software web-based management interface could be unintentionally modified, allowing an attacker to conduct a cross-site scripting (XSS) attack against users of the interface. Cisco FMC Software version 11.3 addresses this issue. In addition, Cisco FMC Software version 11.2 or
Potential Threat Scenario
Cisco has released software updates that address these vulnerabilities. There are no workarounds or mitigations that can be applied to reduce the risk of exploitation. If you are running Cisco FMC Software version 11.2 or earlier, you should upgrade to version 11.3. Cisco FMC Software version 11.3 or later is not affected by these issues. Cisco recommends that you install the updated software version as soon as possible. In addition, Cisco FMC Software version 11.2 or earlier is not affected by another issue in which the input to the Cisco FMC Software email notification feature could be intentionally modified, allowing an attacker to send a forged email notification to an affected system administrator.","CVE-2022-20935","Cisco has released software updates that address these vulnerabilities.","Possible Threat Scenario","Cisco has released software updates that address these vulnerabilities.","Cisco recommends that you install the updated software version as soon as possible.","In addition, Cisco FMC Software version 11.2 or earlier is not affected by another issue in which the input to the Cisco FMC Software web-based management interface could be unintentionally modified, allowing an attacker to conduct a cross-site scripting (XSS) attack against users of the interface.","CVE-2022-20935","In addition, Cisco FMC Software version 11.2 or earlier is not affected by another issue in which the input to the Cisco FMC Software web-based management interface could be unintentionally modified, allowing
Timeline
Published on: 11/15/2022 21:15:00 UTC
Last modified on: 11/18/2022 18:13:00 UTC