<p>A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system.</p>
<p>This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href=”https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealth-rce-2hYb9KFK” target=”_blank”>https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealth-rce-2hYb9KFK</a></p>
<p><strong>Attention</strong>: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see <a href=”https://www.cisco.com/c/en/us/products/security/secure-names.html”>Meet Cisco Secure</a>.</p>
<p>This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href=”https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealth-rce-2hYb9KFK” target=”_blank”>https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealth-rce-2hYb9KFK</a></p>
<p><strong>Attention</strong>: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see <a href=”https://www.cisco.com/c/en/us/products/security/secure-names.html”>Meet Cisco Secure</a>.</p>
Security Impact Rating: Medium
CVE: CVE-2022-20797