ID

VAR-202205-1557


CVE

CVE-2022-20806


TITLE

Cisco Expressway Series  and  Cisco TelePresence Video Communication Server  Vulnerability regarding information leakage from log files in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011224

DESCRIPTION

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Expressway Series is a software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping remote workers work more efficiently on the device of their choice. Cisco TelePresence Video Communication Server is a video communication server. An attacker could exploit this vulnerability by authenticating to the device. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV

Trust: 1.8

sources: NVD: CVE-2022-20806 // JVNDB: JVNDB-2022-011224 // VULHUB: VHN-405359 // VULMON: CVE-2022-20806

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence video communication serverscope:lteversion:x14.0.7

Trust: 1.0

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope:eqversion:cisco telepresence video communication server software

Trust: 0.8

sources: JVNDB: JVNDB-2022-011224 // NVD: CVE-2022-20806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20806
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20806
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20806
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202205-3727
value: HIGH

Trust: 0.6

VULHUB: VHN-405359
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20806
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-405359
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20806
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20806
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-20806
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405359 // JVNDB: JVNDB-2022-011224 // CNNVD: CNNVD-202205-3727 // NVD: CVE-2022-20806 // NVD: CVE-2022-20806

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.1

problemtype:Information leakage from log files (CWE-532) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405359 // JVNDB: JVNDB-2022-011224 // NVD: CVE-2022-20806

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3727

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202205-3727

PATCH

title:cisco-sa-expressway-filewrite-bsFVwueVurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV

Trust: 0.8

title:Cisco Expressway Series and Cisco TelePresence Video Communication Server Repair measures for log information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195511

Trust: 0.6

title:Cisco: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-expressway-filewrite-bsFVwueV

Trust: 0.1

sources: VULMON: CVE-2022-20806 // JVNDB: JVNDB-2022-011224 // CNNVD: CNNVD-202205-3727

EXTERNAL IDS

db:NVDid:CVE-2022-20806

Trust: 3.4

db:JVNDBid:JVNDB-2022-011224

Trust: 0.8

db:CNNVDid:CNNVD-202205-3727

Trust: 0.7

db:CS-HELPid:SB2022051906

Trust: 0.6

db:VULHUBid:VHN-405359

Trust: 0.1

db:VULMONid:CVE-2022-20806

Trust: 0.1

sources: VULHUB: VHN-405359 // VULMON: CVE-2022-20806 // JVNDB: JVNDB-2022-011224 // CNNVD: CNNVD-202205-3727 // NVD: CVE-2022-20806

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-expressway-filewrite-bsfvwuev

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-20806

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20806/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051906

Trust: 0.6

sources: VULHUB: VHN-405359 // VULMON: CVE-2022-20806 // JVNDB: JVNDB-2022-011224 // CNNVD: CNNVD-202205-3727 // NVD: CVE-2022-20806

SOURCES

db:VULHUBid:VHN-405359
db:VULMONid:CVE-2022-20806
db:JVNDBid:JVNDB-2022-011224
db:CNNVDid:CNNVD-202205-3727
db:NVDid:CVE-2022-20806

LAST UPDATE DATE

2024-08-14T14:31:11.599000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405359date:2022-06-09T00:00:00
db:JVNDBid:JVNDB-2022-011224date:2023-08-21T05:38:00
db:CNNVDid:CNNVD-202205-3727date:2022-06-10T00:00:00
db:NVDid:CVE-2022-20806date:2023-11-07T03:43:00.200

SOURCES RELEASE DATE

db:VULHUBid:VHN-405359date:2022-05-27T00:00:00
db:JVNDBid:JVNDB-2022-011224date:2023-08-21T00:00:00
db:CNNVDid:CNNVD-202205-3727date:2022-05-18T00:00:00
db:NVDid:CVE-2022-20806date:2022-05-27T14:15:08.780