CVE-2022-20853

Name of the Vulnerable Software and Affected Versions Cisco Expressway Series and Cisco TelePresence VCS (affected versions not specified)

Description The issue is related to a cross-site request forgery (CSRF) attack. It is caused by insufficient CSRF protections for the web-based management interface of the affected systems. An attacker could exploit this by persuading a user to follow a crafted link, potentially allowing the attacker to cause the affected system to reload.

Recommendations For Cisco Expressway Series and Cisco TelePresence VCS, update to a version that includes the software updates released by Cisco to address this issue. As a temporary workaround, consider restricting access to the REST API to minimize the risk of exploitation. Avoid using crafted links that could be used to conduct a CSRF attack until the issue is resolved.