CVE-2022-20853 — Cross-Site Request Forgery in Cisco Telepresence Video Communication Server Expressway

CWE-352 — Cross-Site Request Forgery CWE-295 — Improper Certificate Validation4 documents4 sources

Severity

7.4HIGHNVD

EPSS

0.6%

top 30.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence Video Communication Server Expressway Cisco Telepresence Video Communication Server

Timeline

PublishedNov 15

Description

A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco/cisco_telepresence_video_communication_server_expressway59 versions+58

▶NVDcisco/telepresence_video_communication_server59 versions+58

🔴Vulnerability Details

CVEList

Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability↗2024-11-15

▶

GHSA

GHSA-pg6h-m56f-q74p: A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cro↗2024-11-15

▶

📋Vendor Advisories

Cisco

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities↗2022-10-05

▶