CVE-2022-20813
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.
Múltiples vulnerabilidades en la API y en la interfaz de administración basada en web de la serie Expressway de Cisco y del servidor de comunicaciones de vídeo (VCS) de Cisco TelePresence podrían permitir a un atacante remoto sobrescribir archivos arbitrarios o conducir ataques de envenenamiento de bytes nulos en un dispositivo afectado. Nota: La serie Cisco Expressway hace referencia al dispositivo Expressway Control (Expressway-C) y al dispositivo Expressway Edge (Expressway-E). Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2021-11-02 CVE Reserved
- 2022-07-06 CVE Published
- 2024-09-27 EPSS Updated
- 2024-11-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-158: Improper Neutralization of Null Byte or NUL Character
- CWE-295: Improper Certificate Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Expressway Search vendor "Cisco" for product "Expressway" | < x14.0.7 Search vendor "Cisco" for product "Expressway" and version " < x14.0.7" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Telepresence Video Communication Server Search vendor "Cisco" for product "Telepresence Video Communication Server" | < x14.0.7 Search vendor "Cisco" for product "Telepresence Video Communication Server" and version " < x14.0.7" | - |
Affected
|