
=====================================================================

                            CERT-Renater

                  Information Note No. 2021/VULN167
_____________________________________________________________________

DATE                : 21/04/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco TelePresence Collaboration
                      Endpoint, RoomOS Software,
                      Cisco Umbrella Virtual Appliance,
                      Cisco Virtualized Infrastructure Manager,
                      Cisco Unified Communications Products,
                      Cisco Adaptive Security Appliance,
                      Cisco Firepower Threat Defense Software,
                      Cisco Webex Meetings,
                      Cisco Unified Communications Manager IM & Presence Service,
                      Cisco Umbrella Secure Web Gateway.

=====================================================================
https://tools.cisco.com/security/center/publicationListing.x
_____________________________________________________________________



Below is the list of Cisco Security Advisories published by Cisco PSIRT 
on 2022-April-20.

The following PSIRT security advisories (3 High, 9 Medium) were 
published at 16:00 UTC today.

Table of Contents:

1) Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323
Denial of Service Vulnerability - SIR: High

2) Cisco Umbrella Virtual Appliance Static SSH Host Key Vulnerability - 
SIR: High

3) Cisco Virtualized Infrastructure Manager Privilege Escalation 
Vulnerability - SIR: High

4) Cisco Unified Communications Products Arbitrary File Read 
Vulnerability - SIR: Medium

5) Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense
Software AnyConnect SSL VPN Denial of Service Vulnerability - SIR: Medium

6) Cisco Unified Communications Products Cross-Site Scripting 
Vulnerability - SIR: Medium

7) Cisco Unified Communications Products Cross-Site Request Forgery 
Vulnerability - SIR: Medium

8) Cisco Webex Meetings Cross-Site Scripting Vulnerability - SIR: Medium

9) Cisco Unified Communications Products Denial of Service 
Vulnerability - SIR: Medium

10) Cisco Unified Communications Products Arbitrary File Write
Vulnerability - SIR: Medium

11) Cisco Unified Communications Manager IM & Presence Service SQL 
Injection Vulnerability - SIR: Medium

12) Cisco Umbrella Secure Web Gateway File Decryption Bypass 
Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 
Denial of Service Vulnerability

CVE-2022-20783

SIR: High

CVSS Score v(3.1): 7.5

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ce-roomos-dos-c65x2Qf2 

+--------------------------------------------------------------------

2) Cisco Umbrella Virtual Appliance Static SSH Host Key Vulnerability

CVE-2022-20773

SIR: High

CVSS Score v(3.1): 7.5

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c 

+--------------------------------------------------------------------

3) Cisco Virtualized Infrastructure Manager Privilege Escalation 
Vulnerability

CVE-2022-20732

SIR: High

CVSS Score v(3.1): 7.8

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vim-privesc-T2tsFUf 

+--------------------------------------------------------------------

4) Cisco Unified Communications Products Arbitrary File Read 
Vulnerability

CVE-2022-20790

SIR: Medium

CVSS Score v(3.1): 6.5

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-h8h4HEJ3 

+--------------------------------------------------------------------

5) Cisco Adaptive Security Appliance and Cisco Firepower Threat 
Defense Software AnyConnect SSL VPN Denial of Service Vulnerability

CVE-2022-20795

SIR: Medium

CVSS Score v(3.1): 5.8

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vpndtls-dos-TunzLEV 

+--------------------------------------------------------------------

6) Cisco Unified Communications Products Cross-Site Scripting 
Vulnerability

CVE-2022-20788

SIR: Medium

CVSS Score v(3.1): 6.1

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-6MCe4kPF 

+--------------------------------------------------------------------

7) Cisco Unified Communications Products Cross-Site Request Forgery 
Vulnerability

CVE-2022-20787

SIR: Medium

CVSS Score v(3.1): 5.7

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-jrKP4eNT 

+--------------------------------------------------------------------

8) Cisco Webex Meetings Cross-Site Scripting Vulnerability

CVE-2022-20778

SIR: Medium

CVSS Score v(3.1): 6.1

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-w47AMqAk 

+--------------------------------------------------------------------

9) Cisco Unified Communications Products Denial of Service Vulnerability

CVE-2022-20804

SIR: Medium

CVSS Score v(3.1): 5.3

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD 

+--------------------------------------------------------------------

10) Cisco Unified Communications Products Arbitrary File Write
Vulnerability

CVE-2022-20789

SIR: Medium

CVSS Score v(3.1): 4.9

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU 

+--------------------------------------------------------------------

11) Cisco Unified Communications Manager IM & Presence Service SQL 
Injection Vulnerability

CVE-2022-20786

SIR: Medium

CVSS Score v(3.1): 5.4

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ 

+--------------------------------------------------------------------

12) Cisco Umbrella Secure Web Gateway File Decryption Bypass 
Vulnerability

CVE-2022-20805

SIR: Medium

CVSS Score v(3.1): 4.1

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uswg-fdbps-xtTRKpp6 


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

