Cisco has released security updates and workarounds to address vulnerabilities in multiple Cisco products.

Cisco has released security updates to address critical vulnerabilities (CVE-2022-20798, CVE-2022-20825, CVE-2022-20664) in Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager appliances, Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers. A malicious actor could exploit these vulnerabilities to trigger security restriction bypass, information disclosure and denial of service condition on the targeted system.

Cisco has also addressed medium severity vulnerabilities (CVE-2022-20819, CVE-2022-20817, CVE-2022-20736, CVE-2022-20733) in Cisco Identity Services Engine (ISE), Cisco AppDynamics Controller products and Cisco Unified IP Phones. An attacker could exploit these vulnerabilities to trigger security restriction bypass and information disclosure on an affected system.

Details on all of the addressed vulnerabilities are available on Cisco’s security portal - cisco.com.