PT-2022-5102 · Cisco · Cisco TelePresence VCS
Deklan Evans · Published 2022-10-05 · Updated 2025-07-31
CVE-2022-20814
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Expressway-C (affected versions not specified)
Cisco TelePresence VCS (affected versions not specified)
Description
A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.
Recommendations
For Cisco Expressway-C, update to a version that includes the software update released by Cisco to address this vulnerability.
For Cisco TelePresence VCS, update to a version that includes the software update released by Cisco to address this vulnerability.
As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.
Fix
Improper Certificate Validation
Affected Products
Cisco Expressway-C
Cisco TelePresence VCS