Cisco has released a security updates for Spring Framework (“Spring4Shell”), Firepower Management Center (FMC) and IOS XR software that address Critical and High severity vulnerabilities.
An attacker could remotely exploit some of these vulnerabilities to take control of an impacted system.
Spring4Shell
Originally released on April 1, 2022, Cisco issued an updated advisory on April 29 for a Critical remote code execution (RCE) vulnerability CVE-2022-22965 in the Spring Framework affecting Spring MVC and Spring WebFlux applications running on JDK 9+.
Spring fixed the Critical Spring Framework vulnerability dubbed “Spring4Shell” and also another Spring Cloud Function vulnerability on March 31, 2022 after the issue was reported to VMware.
Firepower
Cisco patched a High severity vulnerability CVE-2022-20743 in the web management interface of Cisco Firepower Management Center (FMC) Software that “could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system.”
IOS XR
Moreover, Cisco addressed a High severity vulnerability CVE-2022-20714 in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Routers.
This issue could “allow an unauthenticated, remote attacker to cause the line card to reset,” resulting in a denial of service (DoS) condition.
Readers can check out Cisco’s Security Advisories for the latest vulnerabilities for multiple Cisco products.