Cisco Secure Network Analytics Remote Code Execution Vulnerability

<p>A vulnerability in the web-based management interface of Cisco&nbsp;Secure Network Analytics, formerly Cisco&nbsp;Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system.</p>
<p>This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly.</p>
<p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href=”https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealth-rce-2hYb9KFK” target=”_blank”>https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealth-rce-2hYb9KFK</a></p>
<p><strong>Attention</strong>: Simplifying the Cisco&nbsp;portfolio includes the renaming of security products under one brand: Cisco&nbsp;Secure. For more information, see&nbsp;<a href=”https://www.cisco.com/c/en/us/products/security/secure-names.html”>Meet Cisco&nbsp;Secure</a>.</p>

Security Impact Rating: Medium

CVE: CVE-2022-20797

Related:

  • No Related Posts

Leave a Reply