Vulnerability Description
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Expressway | < x14.0.7 |
| Cisco | Telepresence Video Communication Server | < x14.0.7 |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eVendor Advisory
FAQ
What is CVE-2022-20813?
CVE-2022-20813 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwr...
How severe is CVE-2022-20813?
CVE-2022-20813 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-20813?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Expressway, Cisco Telepresence Video Communication Server.