Cisco has released security updates and workarounds to address vulnerabilities in multiple Cisco products.

Cisco has released security updates to address dangerous vulnerabilities (CVE-2022-20857, CVE-2022-20858, CVE-2022-20861, CVE-2022-20860) in Cisco Nexus Dashboard product. A malicious actor could exploit these vulnerabilities to execute arbitrary commands, read or upload files, perform a cross-site request forgery attack and view sensitive information on the targeted system.

Cisco has also addressed medium severity vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers, Cisco Nexus Dashboard and Cisco IoT Control Center products. An attacker could exploit these vulnerabilities to trigger denial of service (DoS) condition, elevate privileges, write arbitrary files and conduct a cross-site scripting (XSS) attack on an affected system.

Details on all of the addressed vulnerabilities are available on Cisco’s security portal - cisco.com.