ID

VAR-202203-0836


CVE

CVE-2022-20755


TITLE

Cisco Expressway  Series and  Cisco TelePresence Video Communication Server  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009355

DESCRIPTION

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-20755 // JVNDB: JVNDB-2022-009355 // VULHUB: VHN-405308 // VULMON: CVE-2022-20755

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence video communication serverscope:ltversion:14.0.5

Trust: 1.0

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope:eqversion:cisco telepresence video communication server software

Trust: 0.8

sources: JVNDB: JVNDB-2022-009355 // NVD: CVE-2022-20755

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20755
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20755
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-20755
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202203-115
value: HIGH

Trust: 0.6

VULHUB: VHN-405308
value: HIGH

Trust: 0.1

VULMON: CVE-2022-20755
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20755
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405308
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20755
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20755
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20755
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405308 // VULMON: CVE-2022-20755 // JVNDB: JVNDB-2022-009355 // CNNVD: CNNVD-202203-115 // NVD: CVE-2022-20755 // NVD: CVE-2022-20755

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-23

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-009355 // NVD: CVE-2022-20755

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-115

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-115

PATCH

title:cisco-sa-expressway-filewrite-87Q5YRkurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk

Trust: 0.8

title:Cisco Expressway Series Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184427

Trust: 0.6

title:Cisco: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-expressway-filewrite-87Q5YRk

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20755 // JVNDB: JVNDB-2022-009355 // CNNVD: CNNVD-202203-115

EXTERNAL IDS

db:NVDid:CVE-2022-20755

Trust: 3.4

db:JVNDBid:JVNDB-2022-009355

Trust: 0.8

db:CS-HELPid:SB2022030223

Trust: 0.6

db:AUSCERTid:ESB-2022.0890

Trust: 0.6

db:CNNVDid:CNNVD-202203-115

Trust: 0.6

db:VULHUBid:VHN-405308

Trust: 0.1

db:VULMONid:CVE-2022-20755

Trust: 0.1

sources: VULHUB: VHN-405308 // VULMON: CVE-2022-20755 // JVNDB: JVNDB-2022-009355 // CNNVD: CNNVD-202203-115 // NVD: CVE-2022-20755

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-expressway-filewrite-87q5yrk

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-20755

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.0890

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022030223

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20755/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405308 // VULMON: CVE-2022-20755 // JVNDB: JVNDB-2022-009355 // CNNVD: CNNVD-202203-115 // NVD: CVE-2022-20755

SOURCES

db:VULHUBid:VHN-405308
db:VULMONid:CVE-2022-20755
db:JVNDBid:JVNDB-2022-009355
db:CNNVDid:CNNVD-202203-115
db:NVDid:CVE-2022-20755

LAST UPDATE DATE

2024-11-23T21:50:39.939000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405308date:2022-04-14T00:00:00
db:VULMONid:CVE-2022-20755date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-009355date:2023-08-04T05:42:00
db:CNNVDid:CNNVD-202203-115date:2022-04-15T00:00:00
db:NVDid:CVE-2022-20755date:2024-11-21T06:43:29.223

SOURCES RELEASE DATE

db:VULHUBid:VHN-405308date:2022-04-06T00:00:00
db:VULMONid:CVE-2022-20755date:2022-04-06T00:00:00
db:JVNDBid:JVNDB-2022-009355date:2023-08-04T00:00:00
db:CNNVDid:CNNVD-202203-115date:2022-03-02T00:00:00
db:NVDid:CVE-2022-20755date:2022-04-06T19:15:08.173