Vulnerability Details : CVE-2022-20806
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Products affected by CVE-2022-20806
- Cisco » Telepresence Video Communication Server » Expressway EditionVersions up to, including, (<=) x14.0.7cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:expressway:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-20806
0.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 35 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-20806
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:P |
8.0
|
4.9
|
NIST | |
|
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
Cisco Systems, Inc. | |
|
7.1
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H |
2.8
|
4.2
|
NIST |
CWE ids for CVE-2022-20806
-
The product writes sensitive information to a log file.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2022-20806
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV
Cisco Expressway Series and Cisco TelePresence Video Communication Server VulnerabilitiesVendor Advisory
Jump to