CVE-2022-20812

CWE-158CWE-22Path TraversalCWE-364 documents4 sources
Severity
6.5MEDIUM
EPSS
1.1%
top 22.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco ExpresswayCisco Telepresence Video Communication ServerCisco Cisco Telepresence Video Communication Server (vcs) Expressway
Timeline
PublishedJul 6
Latest updateJul 7

Description

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:LExploitability: 2.3 | Impact: 6.0

Affected Packages3 packages

NVDcisco/expressway< x14.0.7

🔴Vulnerability Details

2
GHSA
GHSA-gccr-pgwc-7hq4: Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Se2022-07-07
CVEList
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities2022-07-06

📋Vendor Advisories

1
Cisco
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities2022-07-06
CVE-2022-20812 (MEDIUM CVSS 6.5) | Multiple vulnerabilities in the API | cvebase.io