CVE-2022-20812 : Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TeleP

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.

Published 2022-07-06 21:15:12

Updated 2022-11-10 03:51:53

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2022-20812

Probability of exploitation activity in the next 30 days: 0.12%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 46 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-20812

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.5	HIGH	AV:N/AC:L/Au:S/C:N/I:C/A:C	8.0	9.2	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Complete Availability Impact: Complete
9.0	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L	2.3	6.0	Cisco Systems, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: Low
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H	1.2	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High

CWE ids for CVE-2022-20812

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)
CWE-158 Improper Neutralization of Null Byte or NUL Character

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.

Assigned by: ykramarz@cisco.com (Secondary)

References for CVE-2022-20812

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-20812

Cisco » Telepresence Video Communication Server
Versions before (<) x14.0.7
cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*
Matching versions
Cisco » Expressway
Versions before (<) x14.0.7
cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-20812

Exploit prediction scoring system (EPSS) score for CVE-2022-20812

CVSS scores for CVE-2022-20812

CWE ids for CVE-2022-20812

References for CVE-2022-20812

Products affected by CVE-2022-20812