CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20812 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20812
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la API y en la interfaz de administración basada en web de la serie Expressway de Cisco y del servidor de comunicaciones de vídeo (VCS) de Cisco TelePresence podrían permitir a un atacante remoto sobrescribir archivos arbitrarios o conducir ataques de envenenamiento de bytes nulos en un dispositivo afectado. Nota: La serie Expressway de Cisco es referida al dispositivo Expressway Control (Expressway-C) y al dispositivo Expressway Edge (Expressway-E). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20807 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20807
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la API y en las interfaces de gestión basadas en la web de la serie Expressway de Cisco y del servidor de comunicaciones de vídeo (VCS) de Cisco TelePresence podrían permitir a un atacante remoto autentificado escribir archivos o revelar información confidencial en un dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20806 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20806
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la API y en las interfaces de gestión basadas en la web de la serie Expressway de Cisco y del servidor de comunicaciones de vídeo (VCS) de Cisco TelePresence podrían permitir a un atacante remoto autenticado escribir archivos o revelar información confidencial en un dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20809 – Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20809
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en la API y en las interfaces de administración basadas en la web de la serie Expressway de Cisco y del servidor de comunicaciones de vídeo (VCS) de Cisco TelePresence podrían permitir a un atacante remoto autenticado escribir archivos o divulgar información confidencial en un dispositivo afectado. Para conseguir más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34715 – Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability
https://notcve.org/view.php?id=CVE-2021-34715
A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges (the _nobody account) on the underlying operating system. Una vulnerabilidad en la función de comprobación de imagen de Cisco Expressway Series y Cisco TelePresence Video Communication Server (VCS) podría permitir a un atacante autenticado remoto ejecutar código con privilegios de usuario interno en el sistema operativo subyacente. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewver-c6WZPXRx • CWE-347: Improper Verification of Cryptographic Signature •