CVE-2022-20814

CWE-295 — Improper Certificate Validation CWE-352 — Cross-Site Request Forgery (CSRF)4 documents4 sources

Severity

7.4HIGH

EPSS

0.1%

top 68.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Telepresence Video Communication Server (vcs) Expressway Cisco Telepresence Video Communication Server

Timeline

PublishedNov 15

Description

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic betwee…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5cisco/cisco_telepresence_video_communication_server_(vcs)_expressway60 versions+59

▶NVDcisco/telepresence_video_communication_server60 versions+59

🔴Vulnerability Details

CVEList

Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnerability↗2024-11-15

▶

GHSA

GHSA-rg5m-fc62-h68h: A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain↗2024-11-15

▶

📋Vendor Advisories

Cisco

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities↗2022-10-05

▶