CRITICAL✓ PATCH🇬🇧 English

CVE-2022-20812

CVSS 9.0v3.1pub. 2022-07-06upd. 2024-11-21

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
  • Cisco Expressway

    APP
    Cisco
    < x14.0.7
  • Cisco Telepresence Video Communication Server

    APP
    Cisco
    < x14.0.7
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2024-20254CRITICAL9.6PL ✓ten sam produkt

CSRF w Cisco Expressway i TelePresence VCS umożliwiający zdalne działania

CVE-2024-20252CRITICAL9.6PL ✓ten sam produkt

CSRF w Cisco Expressway Series i TelePresence VCS — nieautoryzowane działania

CVE-2023-20192CRITICAL9.6ten sam produkt

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) co...

CVE-2023-20105CRITICAL9.6ten sam produkt

A vulnerability in the change password functionality of Cisco Expressway Series and Cisco TelePresence Video C...

CVE-2022-20813CRITICAL9.0ten sam produkt

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and C...