This vulnerability was discovered by Lukas Toth of Cisco Vulnerability Research Team. Cisco released security advisories for the following products:

Cisco AnyConnect Secure Mobility VPN — https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170319-ANYCONNECT
Cisco Unified Computing System (UCS) — https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170319-UCS
Cisco UCS Manager — https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170319-UCSM
Cisco WebEx — https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170319-WebEx
Cisco AnyConnect — https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170319-ANYCONNECT
Cisco FirePOWER — https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170319-FIREPOWER
Cisco Firepower Threat Detection System — https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170319-FDT

Cisco AnyConnect Secure Mobility VPN

Cisco Unified Communications Manager

Cisco Unified Communications Manager (CUCM) is a telephony and unified communications system for Cisco TelePresence systems.
This vulnerability allows remote attackers to trigger the installation of unsigned software packages, leading to authentication bypass and execution of arbitrary code.

Cisco Unified Computing System (UCS)

The vulnerability is in the Cisco Unified Computing System (UCS) Manager component of UCS. This vulnerability is being exploited by a cross-site scripting attack.

Cisco UCS and Cisco UCS Manager

The Cisco UCS Manager and the Cisco UCS Manager have both been updated to version 10.5.2. Cisco also released a patch for this vulnerability.

Cisco FirePOWER

FirePOWER is a security and compliance appliance that provides the visibility, policy enforcement, control and reporting needed to protect against cyber-threats. Firepower Threat Detection System (FTDS) is an integrated endpoint security solution that delivers intelligence across networks of any size.

Timeline

Published on: 10/13/2022 23:15:00 UTC
Last modified on: 10/19/2022 14:08:00 UTC

References