ID

VAR-202207-0214


CVE

CVE-2022-20812


TITLE

Cisco Expressway  Series and  Cisco TelePresence Video Communication Server  Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-016235

DESCRIPTION

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory. The software provides simple, highly secure access for users outside the firewall, helping remote workers work more efficiently on the device of their choice

Trust: 1.8

sources: NVD: CVE-2022-20812 // JVNDB: JVNDB-2022-016235 // VULHUB: VHN-405365 // VULMON: CVE-2022-20812

AFFECTED PRODUCTS

vendor:ciscomodel:expresswayscope:ltversion:x14.0.7

Trust: 1.0

vendor:ciscomodel:telepresence video communication serverscope:ltversion:x14.0.7

Trust: 1.0

vendor:シスコシステムズmodel:cisco expresswayscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-016235 // NVD: CVE-2022-20812

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20812
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20812
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-20812
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202207-520
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405365
value: HIGH

Trust: 0.1

VULMON: CVE-2022-20812
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20812
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405365
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20812
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20812
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20812
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405365 // VULMON: CVE-2022-20812 // JVNDB: JVNDB-2022-016235 // CNNVD: CNNVD-202207-520 // NVD: CVE-2022-20812 // NVD: CVE-2022-20812

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:CWE-158

Trust: 1.0

problemtype:Path traversal (CWE-22) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405365 // JVNDB: JVNDB-2022-016235 // NVD: CVE-2022-20812

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-520

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202207-520

PATCH

title:cisco-sa-expressway-csrf-sqpsSfY6 Cisco Security Advisoryurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6

Trust: 0.8

title:Cisco Expressway Series and Cisco TelePresence Video Communication Server Repair measures for path traversal vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=200023

Trust: 0.6

title:Cisco: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-expressway-overwrite-3buqW8LH

Trust: 0.1

title:Cisco: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-expressway-csrf-sqpsSfY6

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2022/07/12/microsoft_july_patch_tuesday/

Trust: 0.1

sources: VULMON: CVE-2022-20812 // JVNDB: JVNDB-2022-016235 // CNNVD: CNNVD-202207-520

EXTERNAL IDS

db:NVDid:CVE-2022-20812

Trust: 3.4

db:JVNDBid:JVNDB-2022-016235

Trust: 0.8

db:CNNVDid:CNNVD-202207-520

Trust: 0.7

db:AUSCERTid:ESB-2022.3310

Trust: 0.6

db:CS-HELPid:SB2022070706

Trust: 0.6

db:VULHUBid:VHN-405365

Trust: 0.1

db:VULMONid:CVE-2022-20812

Trust: 0.1

sources: VULHUB: VHN-405365 // VULMON: CVE-2022-20812 // JVNDB: JVNDB-2022-016235 // CNNVD: CNNVD-202207-520 // NVD: CVE-2022-20812

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-expressway-overwrite-3buqw8lh

Trust: 2.5

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-expressway-csrf-sqpssfy6

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-20812

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20812/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070706

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3310

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405365 // VULMON: CVE-2022-20812 // JVNDB: JVNDB-2022-016235 // CNNVD: CNNVD-202207-520 // NVD: CVE-2022-20812

SOURCES

db:VULHUBid:VHN-405365
db:VULMONid:CVE-2022-20812
db:JVNDBid:JVNDB-2022-016235
db:CNNVDid:CNNVD-202207-520
db:NVDid:CVE-2022-20812

LAST UPDATE DATE

2024-08-14T14:43:51.409000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405365date:2022-11-10T00:00:00
db:VULMONid:CVE-2022-20812date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-016235date:2023-10-03T06:01:00
db:CNNVDid:CNNVD-202207-520date:2022-10-08T00:00:00
db:NVDid:CVE-2022-20812date:2023-11-07T03:43:01.317

SOURCES RELEASE DATE

db:VULHUBid:VHN-405365date:2022-07-06T00:00:00
db:VULMONid:CVE-2022-20812date:2022-07-06T00:00:00
db:JVNDBid:JVNDB-2022-016235date:2023-10-03T00:00:00
db:CNNVDid:CNNVD-202207-520date:2022-07-06T00:00:00
db:NVDid:CVE-2022-20812date:2022-07-06T21:15:11.643