CVE-2022-20853

A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 

Published: Nov 15, 2024
Updated: Nov 16, 2025
CVE: CVE-2022-20853
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
cisco / telepresence_video_communication_server	x14.0.3	x14.0.3.x
cisco / telepresence_video_communication_server	x8.1	x8.1.x
cisco / telepresence_video_communication_server	x14.0.8	x14.0.8.x
cisco / telepresence_video_communication_server	x14.0.7	x14.0.7.x
cisco / telepresence_video_communication_server	x14.0.6	x14.0.6.x
cisco / telepresence_video_communication_server	x14.0.5	x14.0.5.x
cisco / telepresence_video_communication_server	x12.5.5	x12.5.5.x
cisco / telepresence_video_communication_server	x12.6.1	x12.6.1.x
cisco / telepresence_video_communication_server	x12.6.2	x12.6.2.x
cisco / telepresence_video_communication_server	x12.6.3	x12.6.3.x
cisco / telepresence_video_communication_server	x12.6.4	x12.6.4.x
cisco / telepresence_video_communication_server	x12.7.0	x12.7.0.x
cisco / telepresence_video_communication_server	x12.7.1	x12.7.1.x
cisco / telepresence_video_communication_server	x14.0.0	x14.0.0.x
cisco / telepresence_video_communication_server	x14.0.1	x14.0.1.x
cisco / telepresence_video_communication_server	x14.0.2	x14.0.2.x
cisco / telepresence_video_communication_server	x14.0.4	x14.0.4.x
cisco / telepresence_video_communication_server	x8.7.2	x8.7.2.x
cisco / telepresence_video_communication_server	x12.5.0	x12.5.0.x
cisco / telepresence_video_communication_server	x12.5.3	x12.5.3.x
cisco / telepresence_video_communication_server	x12.5.4	x12.5.4.x
cisco / telepresence_video_communication_server	x12.5.7	x12.5.7.x
cisco / telepresence_video_communication_server	x12.5.8	x12.5.8.x
cisco / telepresence_video_communication_server	x12.5.9	x12.5.9.x
cisco / telepresence_video_communication_server	x8.10.0	x8.10.0.x
cisco / telepresence_video_communication_server	x8.10.1	x8.10.1.x
cisco / telepresence_video_communication_server	x8.10.3	x8.10.3.x
cisco / telepresence_video_communication_server	x8.10.4	x8.10.4.x
cisco / telepresence_video_communication_server	x8.11.4	x8.11.4.x
cisco / telepresence_video_communication_server	x8.2	x8.2.x
cisco / telepresence_video_communication_server	x8.5.1	x8.5.1.x
cisco / telepresence_video_communication_server	x8.5.3	x8.5.3.x
cisco / telepresence_video_communication_server	x8.6.1	x8.6.1.x
cisco / telepresence_video_communication_server	x8.7	x8.7.x
cisco / telepresence_video_communication_server	x8.7.1	x8.7.1.x
cisco / telepresence_video_communication_server	x8.8	x8.8.x
cisco / telepresence_video_communication_server	x8.8.1	x8.8.1.x
cisco / telepresence_video_communication_server	x8.8.2	x8.8.2.x
cisco / telepresence_video_communication_server	x8.9.2	x8.9.2.x
cisco / telepresence_video_communication_server	x8.1.2	x8.1.2.x
cisco / telepresence_video_communication_server	x8.2.1	x8.2.1.x
cisco / telepresence_video_communication_server	x8.5.2	x8.5.2.x
cisco / telepresence_video_communication_server	x12.5.1	x12.5.1.x
cisco / telepresence_video_communication_server	x12.5.2	x12.5.2.x
cisco / telepresence_video_communication_server	x12.5.6	x12.5.6.x
cisco / telepresence_video_communication_server	x12.6.0	x12.6.0.x
cisco / telepresence_video_communication_server	x8.10.2	x8.10.2.x
cisco / telepresence_video_communication_server	x8.1.1	x8.1.1.x
cisco / telepresence_video_communication_server	x8.11.0	x8.11.0.x
cisco / telepresence_video_communication_server	x8.11.1	x8.11.1.x
cisco / telepresence_video_communication_server	x8.11.2	x8.11.2.x
cisco / telepresence_video_communication_server	x8.11.3	x8.11.3.x
cisco / telepresence_video_communication_server	x8.2.2	x8.2.2.x
cisco / telepresence_video_communication_server	x8.5	x8.5.x
cisco / telepresence_video_communication_server	x8.6	x8.6.x
cisco / telepresence_video_communication_server	x8.7.3	x8.7.3.x
cisco / telepresence_video_communication_server	x8.8.3	x8.8.3.x
cisco / telepresence_video_communication_server	x8.9	x8.9.x
cisco / telepresence_video_communication_server	x8.9.1	x8.9.1.x

Vulnerability Database

317,107

CVE-2022-20853

Deep Security Visibility Without the Complexity