ID

VAR-202207-0215


CVE

CVE-2022-20813


TITLE

Cisco Expressway  Series and  Cisco TelePresence Video Communication Server  Certificate validation vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2022-016234

DESCRIPTION

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory. The software provides simple, highly secure access for users outside the firewall, helping remote workers work more efficiently on the device of their choice

Trust: 1.8

sources: NVD: CVE-2022-20813 // JVNDB: JVNDB-2022-016234 // VULHUB: VHN-405366 // VULMON: CVE-2022-20813

AFFECTED PRODUCTS

vendor:ciscomodel:expresswayscope:ltversion:x14.0.7

Trust: 1.0

vendor:ciscomodel:telepresence video communication serverscope:ltversion:x14.0.7

Trust: 1.0

vendor:シスコシステムズmodel:cisco expresswayscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-016234 // NVD: CVE-2022-20813

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20813
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20813
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-20813
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202207-519
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405366
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20813
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20813
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405366
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20813
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20813
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20813
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405366 // VULMON: CVE-2022-20813 // JVNDB: JVNDB-2022-016234 // CNNVD: CNNVD-202207-519 // NVD: CVE-2022-20813 // NVD: CVE-2022-20813

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.1

problemtype:CWE-158

Trust: 1.0

problemtype:Illegal certificate verification (CWE-295) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405366 // JVNDB: JVNDB-2022-016234 // NVD: CVE-2022-20813

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-519

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202207-519

PATCH

title:cisco-sa-expressway-overwrite-3buqW8LHurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH

Trust: 0.8

title:Cisco Expressway Series and Cisco TelePresence Video Communication Server Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200022

Trust: 0.6

title:Cisco: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-expressway-overwrite-3buqW8LH

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2022/07/12/microsoft_july_patch_tuesday/

Trust: 0.1

sources: VULMON: CVE-2022-20813 // JVNDB: JVNDB-2022-016234 // CNNVD: CNNVD-202207-519

EXTERNAL IDS

db:NVDid:CVE-2022-20813

Trust: 3.4

db:JVNDBid:JVNDB-2022-016234

Trust: 0.8

db:CNNVDid:CNNVD-202207-519

Trust: 0.7

db:AUSCERTid:ESB-2022.3310

Trust: 0.6

db:CS-HELPid:SB2022070706

Trust: 0.6

db:VULHUBid:VHN-405366

Trust: 0.1

db:VULMONid:CVE-2022-20813

Trust: 0.1

sources: VULHUB: VHN-405366 // VULMON: CVE-2022-20813 // JVNDB: JVNDB-2022-016234 // CNNVD: CNNVD-202207-519 // NVD: CVE-2022-20813

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-expressway-overwrite-3buqw8lh

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-20813

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20813/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070706

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3310

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/295.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405366 // VULMON: CVE-2022-20813 // JVNDB: JVNDB-2022-016234 // CNNVD: CNNVD-202207-519 // NVD: CVE-2022-20813

SOURCES

db:VULHUBid:VHN-405366
db:VULMONid:CVE-2022-20813
db:JVNDBid:JVNDB-2022-016234
db:CNNVDid:CNNVD-202207-519
db:NVDid:CVE-2022-20813

LAST UPDATE DATE

2024-08-14T14:43:51.380000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405366date:2022-07-14T00:00:00
db:VULMONid:CVE-2022-20813date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-016234date:2023-10-03T05:53:00
db:CNNVDid:CNNVD-202207-519date:2022-07-15T00:00:00
db:NVDid:CVE-2022-20813date:2023-11-07T03:43:01.517

SOURCES RELEASE DATE

db:VULHUBid:VHN-405366date:2022-07-06T00:00:00
db:VULMONid:CVE-2022-20813date:2022-07-06T00:00:00
db:JVNDBid:JVNDB-2022-016234date:2023-10-03T00:00:00
db:CNNVDid:CNNVD-202207-519date:2022-07-06T00:00:00
db:NVDid:CVE-2022-20813date:2022-07-06T21:15:11.693