Details of VAR-202203-0836

ID

VAR-202203-0836

CVE

CVE-2022-20755

TITLE

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009355

DESCRIPTION

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-20755 // JVNDB: JVNDB-2022-009355 // VULHUB: VHN-405308 // VULMON: CVE-2022-20755

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence video communication server	scope:	lt	version:	14.0.5	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco telepresence video communication server ソフトウェア	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco telepresence video communication server ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco telepresence video communication server ソフトウェア	scope:	eq	version:	cisco telepresence video communication server software	Trust: 0.8

sources: JVNDB: JVNDB-2022-009355 // NVD: CVE-2022-20755

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20755
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20755
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-20755
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202203-115
value:	HIGH
Trust: 0.6
VULHUB:	VHN-405308
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-20755
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-20755
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405308
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20755
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20755
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.3
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20755
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405308 // VULMON: CVE-2022-20755 // JVNDB: JVNDB-2022-009355 // CNNVD: CNNVD-202203-115 // NVD: CVE-2022-20755 // NVD: CVE-2022-20755

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-23	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-009355 // NVD: CVE-2022-20755

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-115

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-115

PATCH

title:	cisco-sa-expressway-filewrite-87Q5YRk	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk	Trust: 0.8
title:	Cisco Expressway Series Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184427	Trust: 0.6
title:	Cisco: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-expressway-filewrite-87Q5YRk	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20755 // JVNDB: JVNDB-2022-009355 // CNNVD: CNNVD-202203-115

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20755	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009355	Trust: 0.8
db:	CS-HELP	id:	SB2022030223	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0890	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-115	Trust: 0.6
db:	VULHUB	id:	VHN-405308	Trust: 0.1
db:	VULMON	id:	CVE-2022-20755	Trust: 0.1

sources: VULHUB: VHN-405308 // VULMON: CVE-2022-20755 // JVNDB: JVNDB-2022-009355 // CNNVD: CNNVD-202203-115 // NVD: CVE-2022-20755

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-expressway-filewrite-87q5yrk	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20755	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.0890	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022030223	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-20755/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405308 // VULMON: CVE-2022-20755 // JVNDB: JVNDB-2022-009355 // CNNVD: CNNVD-202203-115 // NVD: CVE-2022-20755

SOURCES

db:	VULHUB	id:	VHN-405308
db:	VULMON	id:	CVE-2022-20755
db:	JVNDB	id:	JVNDB-2022-009355
db:	CNNVD	id:	CNNVD-202203-115
db:	NVD	id:	CVE-2022-20755

LAST UPDATE DATE

2024-08-14T15:32:51.410000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405308	date:	2022-04-14T00:00:00
db:	VULMON	id:	CVE-2022-20755	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-009355	date:	2023-08-04T05:42:00
db:	CNNVD	id:	CNNVD-202203-115	date:	2022-04-15T00:00:00
db:	NVD	id:	CVE-2022-20755	date:	2023-11-07T03:42:51.303

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405308	date:	2022-04-06T00:00:00
db:	VULMON	id:	CVE-2022-20755	date:	2022-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-009355	date:	2023-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202203-115	date:	2022-03-02T00:00:00
db:	NVD	id:	CVE-2022-20755	date:	2022-04-06T19:15:08.173