CVE-2022-20806

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Published: May 27, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-20806
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:N/A:P

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
cisco / telepresence_video_communication_server	-	x14.0.7.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV

Vulnerability Database

289,598

CVE-2022-20806