Details of VAR-202203-0835

ID

VAR-202203-0835

CVE

CVE-2022-20754

TITLE

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009340

DESCRIPTION

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-20754 // JVNDB: JVNDB-2022-009340 // VULHUB: VHN-405307 // VULMON: CVE-2022-20754

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence video communication server	scope:	lt	version:	14.0.5	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco telepresence video communication server ソフトウェア	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco telepresence video communication server ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco telepresence video communication server ソフトウェア	scope:	eq	version:	cisco telepresence video communication server software	Trust: 0.8

sources: JVNDB: JVNDB-2022-009340 // NVD: CVE-2022-20754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20754
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20754
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-20754
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202203-118
value:	HIGH
Trust: 0.6
VULHUB:	VHN-405307
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-20754
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-20754
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405307
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20754
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20754
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.3
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20754
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405307 // VULMON: CVE-2022-20754 // JVNDB: JVNDB-2022-009340 // CNNVD: CNNVD-202203-118 // NVD: CVE-2022-20754 // NVD: CVE-2022-20754

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-23	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-009340 // NVD: CVE-2022-20754

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-118

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-118

PATCH

title:	cisco-sa-expressway-filewrite-87Q5YRk	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk	Trust: 0.8
title:	Cisco Expressway Series Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184430	Trust: 0.6
title:	Cisco: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-expressway-filewrite-87Q5YRk	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20754 // JVNDB: JVNDB-2022-009340 // CNNVD: CNNVD-202203-118

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20754	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009340	Trust: 0.8
db:	CS-HELP	id:	SB2022030223	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0890	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-118	Trust: 0.6
db:	VULHUB	id:	VHN-405307	Trust: 0.1
db:	VULMON	id:	CVE-2022-20754	Trust: 0.1

sources: VULHUB: VHN-405307 // VULMON: CVE-2022-20754 // JVNDB: JVNDB-2022-009340 // CNNVD: CNNVD-202203-118 // NVD: CVE-2022-20754

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-expressway-filewrite-87q5yrk	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20754	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.0890	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022030223	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-20754/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405307 // VULMON: CVE-2022-20754 // JVNDB: JVNDB-2022-009340 // CNNVD: CNNVD-202203-118 // NVD: CVE-2022-20754

SOURCES

db:	VULHUB	id:	VHN-405307
db:	VULMON	id:	CVE-2022-20754
db:	JVNDB	id:	JVNDB-2022-009340
db:	CNNVD	id:	CNNVD-202203-118
db:	NVD	id:	CVE-2022-20754

LAST UPDATE DATE

2024-08-14T15:32:51.380000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405307	date:	2022-04-14T00:00:00
db:	VULMON	id:	CVE-2022-20754	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-009340	date:	2023-08-04T05:03:00
db:	CNNVD	id:	CNNVD-202203-118	date:	2022-04-15T00:00:00
db:	NVD	id:	CVE-2022-20754	date:	2023-11-07T03:42:51.100

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405307	date:	2022-04-06T00:00:00
db:	VULMON	id:	CVE-2022-20754	date:	2022-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-009340	date:	2023-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202203-118	date:	2022-03-02T00:00:00
db:	NVD	id:	CVE-2022-20754	date:	2022-04-06T19:15:08.120