Skip to content

Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022

On March 29, 2022, the following critical vulnerability in the Spring Cloud Function Framework affecting releases 3.1.6, 3.2.2, and older unsupported releases was disclosed:  

CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression

For a description of this vulnerability, see VMware Spring Framework Security Vulnerability Report.

This advisory will be updated as additional information becomes available.

Cisco’s Response to This Vulnerability

Cisco is investigating all products for impact from CVE-2022-22963. To help detect exploitation of this vulnerability, Cisco has released Snort rules at the following location: Talos Rule SID 59388

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH

Security Impact Rating: Critical

CVE: CVE-2022-22963

Source:: Cisco Security Advisories