PT-2022-3469 · Cisco · Cisco Telepresence Video Communication Server+1

Deklan Evans

Published

2022-07-06

Updated

2022-07-14

CVE-2022-20813

CVSS v3.1

9.0

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the API and the web-based management interface of the affected devices. These vulnerabilities could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Additionally, there is a vulnerability related to errors in the certificate authentication procedure, which could allow a remote attacker to implement a man-in-the-middle attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-158CWE-295

Related Identifiers

BDU:2022-04248

CVE-2022-20813

Affected Products

Cisco Expressway Series

Cisco Telepresence Video Communication Server

PT-2022-3469 · Cisco · Cisco Telepresence Video Communication Server+1

CVE-2022-20813

Weakness Enumeration

Related Identifiers

Affected Products

References · 6