CVE-2022-20755

Name of the Vulnerable Software and Affected Versions Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the API and web-based management interfaces of the affected devices. These vulnerabilities could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. The vulnerability is also associated with insufficient validation of user-inputted command arguments in the web interface, which could enable a remote attacker to execute arbitrary code as the root user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.