ID

VAR-202203-0835


CVE

CVE-2022-20754


TITLE

Cisco Expressway  Series and  Cisco TelePresence Video Communication Server  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009340

DESCRIPTION

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-20754 // JVNDB: JVNDB-2022-009340 // VULHUB: VHN-405307 // VULMON: CVE-2022-20754

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence video communication serverscope:ltversion:14.0.5

Trust: 1.0

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope:eqversion:cisco telepresence video communication server software

Trust: 0.8

sources: JVNDB: JVNDB-2022-009340 // NVD: CVE-2022-20754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20754
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20754
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-20754
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202203-118
value: HIGH

Trust: 0.6

VULHUB: VHN-405307
value: HIGH

Trust: 0.1

VULMON: CVE-2022-20754
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20754
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405307
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20754
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20754
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20754
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405307 // VULMON: CVE-2022-20754 // JVNDB: JVNDB-2022-009340 // CNNVD: CNNVD-202203-118 // NVD: CVE-2022-20754 // NVD: CVE-2022-20754

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-23

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-009340 // NVD: CVE-2022-20754

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-118

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-118

PATCH

title:cisco-sa-expressway-filewrite-87Q5YRkurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk

Trust: 0.8

title:Cisco Expressway Series Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184430

Trust: 0.6

title:Cisco: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-expressway-filewrite-87Q5YRk

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20754 // JVNDB: JVNDB-2022-009340 // CNNVD: CNNVD-202203-118

EXTERNAL IDS

db:NVDid:CVE-2022-20754

Trust: 3.4

db:JVNDBid:JVNDB-2022-009340

Trust: 0.8

db:CS-HELPid:SB2022030223

Trust: 0.6

db:AUSCERTid:ESB-2022.0890

Trust: 0.6

db:CNNVDid:CNNVD-202203-118

Trust: 0.6

db:VULHUBid:VHN-405307

Trust: 0.1

db:VULMONid:CVE-2022-20754

Trust: 0.1

sources: VULHUB: VHN-405307 // VULMON: CVE-2022-20754 // JVNDB: JVNDB-2022-009340 // CNNVD: CNNVD-202203-118 // NVD: CVE-2022-20754

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-expressway-filewrite-87q5yrk

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-20754

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.0890

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022030223

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20754/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405307 // VULMON: CVE-2022-20754 // JVNDB: JVNDB-2022-009340 // CNNVD: CNNVD-202203-118 // NVD: CVE-2022-20754

SOURCES

db:VULHUBid:VHN-405307
db:VULMONid:CVE-2022-20754
db:JVNDBid:JVNDB-2022-009340
db:CNNVDid:CNNVD-202203-118
db:NVDid:CVE-2022-20754

LAST UPDATE DATE

2024-08-14T15:32:51.380000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405307date:2022-04-14T00:00:00
db:VULMONid:CVE-2022-20754date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-009340date:2023-08-04T05:03:00
db:CNNVDid:CNNVD-202203-118date:2022-04-15T00:00:00
db:NVDid:CVE-2022-20754date:2023-11-07T03:42:51.100

SOURCES RELEASE DATE

db:VULHUBid:VHN-405307date:2022-04-06T00:00:00
db:VULMONid:CVE-2022-20754date:2022-04-06T00:00:00
db:JVNDBid:JVNDB-2022-009340date:2023-08-04T00:00:00
db:CNNVDid:CNNVD-202203-118date:2022-03-02T00:00:00
db:NVDid:CVE-2022-20754date:2022-04-06T19:15:08.120