CVE-2022-20814

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.  The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic. Note: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Published: Nov 15, 2024
Updated: Nov 16, 2025
CVE: CVE-2022-20814
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
cisco / telepresence_video_communication_server	x14.0.3	x14.0.3.x
cisco / telepresence_video_communication_server	x8.1	x8.1.x
cisco / telepresence_video_communication_server	x14.0.9	x14.0.9.x
cisco / telepresence_video_communication_server	x14.0.8	x14.0.8.x
cisco / telepresence_video_communication_server	x14.0.7	x14.0.7.x
cisco / telepresence_video_communication_server	x14.0.6	x14.0.6.x
cisco / telepresence_video_communication_server	x12.5.5	x12.5.5.x
cisco / telepresence_video_communication_server	x12.6.1	x12.6.1.x
cisco / telepresence_video_communication_server	x12.6.2	x12.6.2.x
cisco / telepresence_video_communication_server	x12.6.3	x12.6.3.x
cisco / telepresence_video_communication_server	x12.6.4	x12.6.4.x
cisco / telepresence_video_communication_server	x12.7.0	x12.7.0.x
cisco / telepresence_video_communication_server	x12.7.1	x12.7.1.x
cisco / telepresence_video_communication_server	x14.0.0	x14.0.0.x
cisco / telepresence_video_communication_server	x14.0.1	x14.0.1.x
cisco / telepresence_video_communication_server	x14.0.2	x14.0.2.x
cisco / telepresence_video_communication_server	x14.0.4	x14.0.4.x
cisco / telepresence_video_communication_server	x14.0.5	x14.0.5.x
cisco / telepresence_video_communication_server	x8.1.2	x8.1.2.x
cisco / telepresence_video_communication_server	x8.2	x8.2.x
cisco / telepresence_video_communication_server	x8.2.1	x8.2.1.x
cisco / telepresence_video_communication_server	x8.5.1	x8.5.1.x
cisco / telepresence_video_communication_server	x8.5.2	x8.5.2.x
cisco / telepresence_video_communication_server	x8.5.3	x8.5.3.x
cisco / telepresence_video_communication_server	x8.6.1	x8.6.1.x
cisco / telepresence_video_communication_server	x8.7	x8.7.x
cisco / telepresence_video_communication_server	x8.7.1	x8.7.1.x
cisco / telepresence_video_communication_server	x8.7.2	x8.7.2.x
cisco / telepresence_video_communication_server	x8.8	x8.8.x
cisco / telepresence_video_communication_server	x8.8.1	x8.8.1.x
cisco / telepresence_video_communication_server	x8.9.2	x8.9.2.x
cisco / telepresence_video_communication_server	x8.10.0	x8.10.0.x
cisco / telepresence_video_communication_server	x8.10.1	x8.10.1.x
cisco / telepresence_video_communication_server	x8.10.3	x8.10.3.x
cisco / telepresence_video_communication_server	x8.10.4	x8.10.4.x
cisco / telepresence_video_communication_server	x8.11.4	x8.11.4.x
cisco / telepresence_video_communication_server	x12.5.0	x12.5.0.x
cisco / telepresence_video_communication_server	x12.5.3	x12.5.3.x
cisco / telepresence_video_communication_server	x12.5.4	x12.5.4.x
cisco / telepresence_video_communication_server	x12.5.7	x12.5.7.x
cisco / telepresence_video_communication_server	x12.5.8	x12.5.8.x
cisco / telepresence_video_communication_server	x12.5.9	x12.5.9.x
cisco / telepresence_video_communication_server	x8.1.1	x8.1.1.x
cisco / telepresence_video_communication_server	x8.2.2	x8.2.2.x
cisco / telepresence_video_communication_server	x8.5	x8.5.x
cisco / telepresence_video_communication_server	x8.6	x8.6.x
cisco / telepresence_video_communication_server	x8.7.3	x8.7.3.x
cisco / telepresence_video_communication_server	x8.8.2	x8.8.2.x
cisco / telepresence_video_communication_server	x8.8.3	x8.8.3.x
cisco / telepresence_video_communication_server	x8.9	x8.9.x
cisco / telepresence_video_communication_server	x8.9.1	x8.9.1.x
cisco / telepresence_video_communication_server	x8.10.2	x8.10.2.x
cisco / telepresence_video_communication_server	x8.11.0	x8.11.0.x
cisco / telepresence_video_communication_server	x8.11.1	x8.11.1.x
cisco / telepresence_video_communication_server	x8.11.2	x8.11.2.x
cisco / telepresence_video_communication_server	x8.11.3	x8.11.3.x
cisco / telepresence_video_communication_server	x12.5.1	x12.5.1.x
cisco / telepresence_video_communication_server	x12.5.2	x12.5.2.x
cisco / telepresence_video_communication_server	x12.5.6	x12.5.6.x
cisco / telepresence_video_communication_server	x12.6.0	x12.6.0.x

Vulnerability Database

317,107

CVE-2022-20814

Deep Security Visibility Without the Complexity