Vulnerability-Lookup

CVE-2022-20814 (GCVE-0-2022-20814)

Vulnerability from cvelistv5 – Published: 2024-11-15 15:32 – Updated: 2024-11-15 21:15

Title

Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnerability

Summary

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.  The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic. Note: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-295 - Improper Certificate Validation

Assigner

cisco

References

URL

Tags

	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco TelePresence Video Communication Server (VCS) Expressway	Affected: X8.11.2 Affected: X8.6 Affected: X8.11.3 Affected: X8.2.2 Affected: X8.8.3 Affected: X8.11.0 Affected: X12.5.2 Affected: X8.1.1 Affected: X8.9 Affected: X12.5.1 Affected: X12.5.6 Affected: X8.7.3 Affected: X12.6.0 Affected: X8.11.1 Affected: X8.5 Affected: X8.9.1 Affected: X8.10.2 Affected: X8.8.2 Affected: X8.5.3 Affected: X8.1 Affected: X8.9.2 Affected: X8.11.4 Affected: X12.5.4 Affected: X8.8.1 Affected: X8.2.1 Affected: X8.5.1 Affected: X8.6.1 Affected: X8.1.2 Affected: X8.8 Affected: X8.10.0 Affected: X12.5.3 Affected: X8.10.1 Affected: X12.5.7 Affected: X8.10.3 Affected: X8.7.1 Affected: X8.2 Affected: X12.5.8 Affected: X8.7 Affected: X8.5.2 Affected: X12.5.9 Affected: X12.5.0 Affected: X8.10.4 Affected: X8.7.2 Affected: X12.5.5 Affected: X12.6.1 Affected: X12.6.2 Affected: X12.6.3 Affected: X12.6.4 Affected: X12.7.0 Affected: X12.7.1 Affected: X14.0.0 Affected: X14.0.1 Affected: X14.0.2 Affected: X14.0.3 Affected: X14.0.4 Affected: X14.0.5 Affected: X14.0.6 Affected: X14.0.7 Affected: X14.0.8 Affected: X14.0.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:telepresence_video_communication_server:-:*:*:*:expressway:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "telepresence_video_communication_server",
            "vendor": "cisco",
            "versions": [
              {
                "lessThan": "14.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20814",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T21:14:32.828966Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T21:15:35.408Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco TelePresence Video Communication Server (VCS) Expressway",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "X8.11.2"
            },
            {
              "status": "affected",
              "version": "X8.6"
            },
            {
              "status": "affected",
              "version": "X8.11.3"
            },
            {
              "status": "affected",
              "version": "X8.2.2"
            },
            {
              "status": "affected",
              "version": "X8.8.3"
            },
            {
              "status": "affected",
              "version": "X8.11.0"
            },
            {
              "status": "affected",
              "version": "X12.5.2"
            },
            {
              "status": "affected",
              "version": "X8.1.1"
            },
            {
              "status": "affected",
              "version": "X8.9"
            },
            {
              "status": "affected",
              "version": "X12.5.1"
            },
            {
              "status": "affected",
              "version": "X12.5.6"
            },
            {
              "status": "affected",
              "version": "X8.7.3"
            },
            {
              "status": "affected",
              "version": "X12.6.0"
            },
            {
              "status": "affected",
              "version": "X8.11.1"
            },
            {
              "status": "affected",
              "version": "X8.5"
            },
            {
              "status": "affected",
              "version": "X8.9.1"
            },
            {
              "status": "affected",
              "version": "X8.10.2"
            },
            {
              "status": "affected",
              "version": "X8.8.2"
            },
            {
              "status": "affected",
              "version": "X8.5.3"
            },
            {
              "status": "affected",
              "version": "X8.1"
            },
            {
              "status": "affected",
              "version": "X8.9.2"
            },
            {
              "status": "affected",
              "version": "X8.11.4"
            },
            {
              "status": "affected",
              "version": "X12.5.4"
            },
            {
              "status": "affected",
              "version": "X8.8.1"
            },
            {
              "status": "affected",
              "version": "X8.2.1"
            },
            {
              "status": "affected",
              "version": "X8.5.1"
            },
            {
              "status": "affected",
              "version": "X8.6.1"
            },
            {
              "status": "affected",
              "version": "X8.1.2"
            },
            {
              "status": "affected",
              "version": "X8.8"
            },
            {
              "status": "affected",
              "version": "X8.10.0"
            },
            {
              "status": "affected",
              "version": "X12.5.3"
            },
            {
              "status": "affected",
              "version": "X8.10.1"
            },
            {
              "status": "affected",
              "version": "X12.5.7"
            },
            {
              "status": "affected",
              "version": "X8.10.3"
            },
            {
              "status": "affected",
              "version": "X8.7.1"
            },
            {
              "status": "affected",
              "version": "X8.2"
            },
            {
              "status": "affected",
              "version": "X12.5.8"
            },
            {
              "status": "affected",
              "version": "X8.7"
            },
            {
              "status": "affected",
              "version": "X8.5.2"
            },
            {
              "status": "affected",
              "version": "X12.5.9"
            },
            {
              "status": "affected",
              "version": "X12.5.0"
            },
            {
              "status": "affected",
              "version": "X8.10.4"
            },
            {
              "status": "affected",
              "version": "X8.7.2"
            },
            {
              "status": "affected",
              "version": "X12.5.5"
            },
            {
              "status": "affected",
              "version": "X12.6.1"
            },
            {
              "status": "affected",
              "version": "X12.6.2"
            },
            {
              "status": "affected",
              "version": "X12.6.3"
            },
            {
              "status": "affected",
              "version": "X12.6.4"
            },
            {
              "status": "affected",
              "version": "X12.7.0"
            },
            {
              "status": "affected",
              "version": "X12.7.1"
            },
            {
              "status": "affected",
              "version": "X14.0.0"
            },
            {
              "status": "affected",
              "version": "X14.0.1"
            },
            {
              "status": "affected",
              "version": "X14.0.2"
            },
            {
              "status": "affected",
              "version": "X14.0.3"
            },
            {
              "status": "affected",
              "version": "X14.0.4"
            },
            {
              "status": "affected",
              "version": "X14.0.5"
            },
            {
              "status": "affected",
              "version": "X14.0.6"
            },
            {
              "status": "affected",
              "version": "X14.0.7"
            },
            {
              "status": "affected",
              "version": "X14.0.8"
            },
            {
              "status": "affected",
              "version": "X14.0.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the certificate validation of Cisco\u0026nbsp;Expressway-C and Cisco\u0026nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.\u0026nbsp;\u0026nbsp;The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco\u0026nbsp;Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.\r\nNote: Cisco\u0026nbsp;Expressway-E is not affected by this vulnerability.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "Improper Certificate Validation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T15:32:47.058Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-expressway-csrf-sqpsSfY6",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThis advisory is part of the September 2022 release of the Cisco\u0026nbsp;IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see \u003ca href=\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74840\"\u003eCisco\u0026nbsp;Event Response: September 2022 Semiannual Cisco\u0026nbsp;IOS XR Software Security Advisory Bundled Publication",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThis advisory is part of the September 2022 release of the Cisco\u0026nbsp;IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see \u003ca href=\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74840\"\u003eCisco\u0026nbsp;Event Response: September 2022 Semiannual Cisco\u0026nbsp;IOS XR Software Security Advisory Bundled Publication",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThis advisory is part of the September 2022 release of the Cisco\u0026nbsp;IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see \u003ca href=\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74840\"\u003eCisco\u0026nbsp;Event Response: September 2022 Semiannual Cisco\u0026nbsp;IOS XR Software Security Advisory Bundled Publication",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2"
        }
      ],
      "source": {
        "advisory": "cisco-sa-expressway-csrf-sqpsSfY6",
        "defects": [
          "CSCwa25108"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20814",
    "datePublished": "2024-11-15T15:32:47.058Z",
    "dateReserved": "2021-11-02T13:28:29.175Z",
    "dateUpdated": "2024-11-15T21:15:35.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-20814\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-15T21:14:32.828966Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:cisco:telepresence_video_communication_server:-:*:*:*:expressway:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"telepresence_video_communication_server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"14.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-15T21:15:24.552Z\"}}], \"cna\": {\"title\": \"Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnerability\", \"source\": {\"defects\": [\"CSCwa25108\"], \"advisory\": \"cisco-sa-expressway-csrf-sqpsSfY6\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco TelePresence Video Communication Server (VCS) Expressway\", \"versions\": [{\"status\": \"affected\", \"version\": \"X8.11.2\"}, {\"status\": \"affected\", \"version\": \"X8.6\"}, {\"status\": \"affected\", \"version\": \"X8.11.3\"}, {\"status\": \"affected\", \"version\": \"X8.2.2\"}, {\"status\": \"affected\", \"version\": \"X8.8.3\"}, {\"status\": \"affected\", \"version\": \"X8.11.0\"}, {\"status\": \"affected\", \"version\": \"X12.5.2\"}, {\"status\": \"affected\", \"version\": \"X8.1.1\"}, {\"status\": \"affected\", \"version\": \"X8.9\"}, {\"status\": \"affected\", \"version\": \"X12.5.1\"}, {\"status\": \"affected\", \"version\": \"X12.5.6\"}, {\"status\": \"affected\", \"version\": \"X8.7.3\"}, {\"status\": \"affected\", \"version\": \"X12.6.0\"}, {\"status\": \"affected\", \"version\": \"X8.11.1\"}, {\"status\": \"affected\", \"version\": \"X8.5\"}, {\"status\": \"affected\", \"version\": \"X8.9.1\"}, {\"status\": \"affected\", \"version\": \"X8.10.2\"}, {\"status\": \"affected\", \"version\": \"X8.8.2\"}, {\"status\": \"affected\", \"version\": \"X8.5.3\"}, {\"status\": \"affected\", \"version\": \"X8.1\"}, {\"status\": \"affected\", \"version\": \"X8.9.2\"}, {\"status\": \"affected\", \"version\": \"X8.11.4\"}, {\"status\": \"affected\", \"version\": \"X12.5.4\"}, {\"status\": \"affected\", \"version\": \"X8.8.1\"}, {\"status\": \"affected\", \"version\": \"X8.2.1\"}, {\"status\": \"affected\", \"version\": \"X8.5.1\"}, {\"status\": \"affected\", \"version\": \"X8.6.1\"}, {\"status\": \"affected\", \"version\": \"X8.1.2\"}, {\"status\": \"affected\", \"version\": \"X8.8\"}, {\"status\": \"affected\", \"version\": \"X8.10.0\"}, {\"status\": \"affected\", \"version\": \"X12.5.3\"}, {\"status\": \"affected\", \"version\": \"X8.10.1\"}, {\"status\": \"affected\", \"version\": \"X12.5.7\"}, {\"status\": \"affected\", \"version\": \"X8.10.3\"}, {\"status\": \"affected\", \"version\": \"X8.7.1\"}, {\"status\": \"affected\", \"version\": \"X8.2\"}, {\"status\": \"affected\", \"version\": \"X12.5.8\"}, {\"status\": \"affected\", \"version\": \"X8.7\"}, {\"status\": \"affected\", \"version\": \"X8.5.2\"}, {\"status\": \"affected\", \"version\": \"X12.5.9\"}, {\"status\": \"affected\", \"version\": \"X12.5.0\"}, {\"status\": \"affected\", \"version\": \"X8.10.4\"}, {\"status\": \"affected\", \"version\": \"X8.7.2\"}, {\"status\": \"affected\", \"version\": \"X12.5.5\"}, {\"status\": \"affected\", \"version\": \"X12.6.1\"}, {\"status\": \"affected\", \"version\": \"X12.6.2\"}, {\"status\": \"affected\", \"version\": \"X12.6.3\"}, {\"status\": \"affected\", \"version\": \"X12.6.4\"}, {\"status\": \"affected\", \"version\": \"X12.7.0\"}, {\"status\": \"affected\", \"version\": \"X12.7.1\"}, {\"status\": \"affected\", \"version\": \"X14.0.0\"}, {\"status\": \"affected\", \"version\": \"X14.0.1\"}, {\"status\": \"affected\", \"version\": \"X14.0.2\"}, {\"status\": \"affected\", \"version\": \"X14.0.3\"}, {\"status\": \"affected\", \"version\": \"X14.0.4\"}, {\"status\": \"affected\", \"version\": \"X14.0.5\"}, {\"status\": \"affected\", \"version\": \"X14.0.6\"}, {\"status\": \"affected\", \"version\": \"X14.0.7\"}, {\"status\": \"affected\", \"version\": \"X14.0.8\"}, {\"status\": \"affected\", \"version\": \"X14.0.9\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco\\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6\", \"name\": \"cisco-sa-expressway-csrf-sqpsSfY6\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThis advisory is part of the September 2022 release of the Cisco\u0026nbsp;IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see \u003ca href=\\\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74840\\\"\u003eCisco\u0026nbsp;Event Response: September 2022 Semiannual Cisco\u0026nbsp;IOS XR Software Security Advisory Bundled Publication\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThis advisory is part of the September 2022 release of the Cisco\u0026nbsp;IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see \u003ca href=\\\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74840\\\"\u003eCisco\u0026nbsp;Event Response: September 2022 Semiannual Cisco\u0026nbsp;IOS XR Software Security Advisory Bundled Publication\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThis advisory is part of the September 2022 release of the Cisco\u0026nbsp;IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see \u003ca href=\\\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74840\\\"\u003eCisco\u0026nbsp;Event Response: September 2022 Semiannual Cisco\u0026nbsp;IOS XR Software Security Advisory Bundled Publication\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the certificate validation of Cisco\u0026nbsp;Expressway-C and Cisco\u0026nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.\u0026nbsp;\u0026nbsp;The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco\u0026nbsp;Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.\\r\\nNote: Cisco\u0026nbsp;Expressway-E is not affected by this vulnerability.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-295\", \"description\": \"Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-11-15T15:32:47.058Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-20814\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-15T21:15:35.408Z\", \"dateReserved\": \"2021-11-02T13:28:29.175Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-11-15T15:32:47.058Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2022-AVI-885

Vulnerability from certfr_avis - Published: 2022-10-06 - Updated: 2022-10-06

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une élévation de privilèges, un déni de service à distance et une injection de requêtes illégitimes par rebond (CSRF).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Expressway Series	Cisco Expressway Series versions antérieures à 14.2
Cisco	N/A	Cisco Enterprise NFVIS versions antérieures à 4.9.1
Cisco	TelePresence VCS	Cisco TelePresence VCS versions antérieures à 14.2

References

Title

Publication Time

GHSA-RG5M-FC62-H68H

Vulnerability from github – Published: 2024-11-15 18:30 – Updated: 2025-07-31 18:31

Details

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic. Note: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Severity ?

7.4 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-20814"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-15T16:15:22Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the certificate validation of Cisco\u0026nbsp;Expressway-C and Cisco\u0026nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.\u0026nbsp;\u0026nbsp;The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco\u0026nbsp;Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.\nNote: Cisco\u0026nbsp;Expressway-E is not affected by this vulnerability.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.",
  "id": "GHSA-rg5m-fc62-h68h",
  "modified": "2025-07-31T18:31:50Z",
  "published": "2024-11-15T18:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20814"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-20814

Vulnerability from fstec - Published: 05.10.2022

Title

Уязвимость микропрограммного обеспечения шлюзов Cisco Expressway и микропрограммного обеспечения устройств управления вызовами Cisco TelePresence Video Communication Server, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю реализовать атаку типа «человек посередине»

Description

Уязвимость микропрограммного обеспечения шлюзов Cisco Expressway и микропрограммного обеспечения устройств управления вызовами Cisco TelePresence Video Communication Server связана с ошибками процедуры подтверждения подлинности сертификата. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, реализовать атаку типа «человек посередине»

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Vendor

Cisco Systems Inc.

Software Name

Cisco Expressway, TelePresence Video Communication Server

Software Version

до 14.2 (Cisco Expressway), до 14.2 (TelePresence Video Communication Server)

Possible Mitigations

Использование рекомендаций: https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-expressway-csrf-sqpsSfY6.html

Reference

https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-expressway-csrf-sqpsSfY6.html

CWE

CWE-295

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 14.2 (Cisco Expressway), \u0434\u043e 14.2 (TelePresence Video Communication Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-expressway-csrf-sqpsSfY6.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.10.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.10.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.10.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-06332",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-20814",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco Expressway, TelePresence Video Communication Server",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0448\u043b\u044e\u0437\u043e\u0432 Cisco Expressway \u0438 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u0437\u043e\u0432\u0430\u043c\u0438 Cisco TelePresence Video Communication Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u0442\u0438\u043f\u0430 \u00ab\u0447\u0435\u043b\u043e\u0432\u0435\u043a \u043f\u043e\u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435\u00bb",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 (CWE-295)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0448\u043b\u044e\u0437\u043e\u0432 Cisco Expressway \u0438 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u0437\u043e\u0432\u0430\u043c\u0438 Cisco TelePresence Video Communication Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u0442\u0438\u043f\u0430 \u00ab\u0447\u0435\u043b\u043e\u0432\u0435\u043a \u043f\u043e\u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435\u00bb",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-expressway-csrf-sqpsSfY6.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-295",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,4)"
}

FKIE_CVE-2022-20814

Vulnerability from fkie_nvd - Published: 2024-11-15 16:15 - Updated: 2025-07-31 15:44

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6	Vendor Advisory
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt	Not Applicable
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6	Not Applicable
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2	Not Applicable

Impacted products

Vendor	Product	Version
cisco	telepresence_video_communication_server	x8.1
cisco	telepresence_video_communication_server	x8.1.1
cisco	telepresence_video_communication_server	x8.1.2
cisco	telepresence_video_communication_server	x8.2
cisco	telepresence_video_communication_server	x8.2.1
cisco	telepresence_video_communication_server	x8.2.2
cisco	telepresence_video_communication_server	x8.5
cisco	telepresence_video_communication_server	x8.5.1
cisco	telepresence_video_communication_server	x8.5.2
cisco	telepresence_video_communication_server	x8.5.3
cisco	telepresence_video_communication_server	x8.6
cisco	telepresence_video_communication_server	x8.6.1
cisco	telepresence_video_communication_server	x8.7
cisco	telepresence_video_communication_server	x8.7.1
cisco	telepresence_video_communication_server	x8.7.2
cisco	telepresence_video_communication_server	x8.7.3
cisco	telepresence_video_communication_server	x8.8
cisco	telepresence_video_communication_server	x8.8.1
cisco	telepresence_video_communication_server	x8.8.2
cisco	telepresence_video_communication_server	x8.8.3
cisco	telepresence_video_communication_server	x8.9
cisco	telepresence_video_communication_server	x8.9.1
cisco	telepresence_video_communication_server	x8.9.2
cisco	telepresence_video_communication_server	x8.10.0
cisco	telepresence_video_communication_server	x8.10.1
cisco	telepresence_video_communication_server	x8.10.2
cisco	telepresence_video_communication_server	x8.10.3
cisco	telepresence_video_communication_server	x8.10.4
cisco	telepresence_video_communication_server	x8.11.0
cisco	telepresence_video_communication_server	x8.11.1
cisco	telepresence_video_communication_server	x8.11.2
cisco	telepresence_video_communication_server	x8.11.3
cisco	telepresence_video_communication_server	x8.11.4
cisco	telepresence_video_communication_server	x12.5.0
cisco	telepresence_video_communication_server	x12.5.1
cisco	telepresence_video_communication_server	x12.5.2
cisco	telepresence_video_communication_server	x12.5.3
cisco	telepresence_video_communication_server	x12.5.4
cisco	telepresence_video_communication_server	x12.5.5
cisco	telepresence_video_communication_server	x12.5.6
cisco	telepresence_video_communication_server	x12.5.7
cisco	telepresence_video_communication_server	x12.5.8
cisco	telepresence_video_communication_server	x12.5.9
cisco	telepresence_video_communication_server	x12.6.0
cisco	telepresence_video_communication_server	x12.6.1
cisco	telepresence_video_communication_server	x12.6.2
cisco	telepresence_video_communication_server	x12.6.3
cisco	telepresence_video_communication_server	x12.6.4
cisco	telepresence_video_communication_server	x12.7.0
cisco	telepresence_video_communication_server	x12.7.1
cisco	telepresence_video_communication_server	x14.0.0
cisco	telepresence_video_communication_server	x14.0.1
cisco	telepresence_video_communication_server	x14.0.2
cisco	telepresence_video_communication_server	x14.0.3
cisco	telepresence_video_communication_server	x14.0.4
cisco	telepresence_video_communication_server	x14.0.5
cisco	telepresence_video_communication_server	x14.0.6
cisco	telepresence_video_communication_server	x14.0.7
cisco	telepresence_video_communication_server	x14.0.8
cisco	telepresence_video_communication_server	x14.0.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "73A2A365-59AA-48B9-9ABF-914C2B80C7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "98BDD88B-DF43-4F7C-A6C0-1EECE9C85355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "BE860BF8-AC42-4C10-BC65-9DBF8050E682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "C03A7AEA-8411-4693-84A9-7ADC7F08D87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "0D98AE26-55C9-4BA7-B82C-5B328E689418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "D50E9F77-0575-43E0-AF83-9A932F4D4F73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "9F91E793-E37D-4823-B078-DA96AB422967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "3F16B185-879A-4BA8-B4EB-B032FC8B9674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "5D58C2C4-F0CB-440A-885A-173DC9B5D32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "95FC0285-58F4-4C17-9DB0-0A495A7FE9BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "E9BB8E50-74EF-4726-A069-C90B09201593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "8AEF5B51-8609-40D8-A01B-6696B012FCB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "C0DCF6AA-84C1-4B1A-80B0-6942707D9CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "1590C980-506C-4689-AA91-6C647CC3AF28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "4E9D0839-13E1-4C95-AFEF-3071A977AB5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "6E714552-FDEF-4971-959F-3615E34E6F5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "20A5441C-7798-4EAD-9428-6DA4EF354807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "1BE2198F-DF53-497E-9945-062ADD3787F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "0D7C383F-30E2-4F22-B35D-B73671D1BBCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "B478B2B7-269C-4813-A004-225D90715A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "CBEB2506-7F1B-4227-B5BD-47B28778D7AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "A000BA48-4ABC-46D4-89EB-CEA8D754B708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "66CBF53D-4174-463A-B902-E50FF63E39B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "BFFD53C6-D23A-4CEC-AD1C-7D6A8B920566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "F642A732-BA7E-493F-BE62-273997AF3328",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "76688320-EE54-4662-BE15-F721EA55D5D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "7C3B3879-FCDF-4D12-9B81-24EC70FF6CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "F0B562E3-5E36-4899-A57A-90E653737B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "EA6FF488-FBED-40E6-92CC-39B8749171C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "F84981B5-0E55-40D6-92F9-57C03A24A44A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "A9A37F14-5F65-4C99-A0E2-EACABEDF2286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "6F7DC504-15CA-4D44-90E5-5684F474A7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "36BD629F-0183-41C2-9547-08EAE359BD00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "26301BB9-38C0-473F-9FAF-E5DF70E29A36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "29C38DD2-E763-4B59-83C7-050D08D91637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "684A39DB-7850-4932-922D-9E7A62FC608A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "81B09C18-F930-4B67-8309-7FA0889039C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "E172DA2A-37B4-4387-AE92-0F0D4F60F736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "D09EB9B0-5212-4E32-95E9-93BEC53B4AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "2221FF76-F13A-4E8D-88EB-2757AB6DCDCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "FBEE5E76-A827-4031-B1C1-4961C277C5F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "156F7D5E-DC54-4687-B80F-3281C779135F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "8BDFCFC1-8230-4051-9B5D-73349C288E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "98E3BF27-037E-474F-B55A-12750943499D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "9F2CF11F-735B-458F-9F2F-8E2322FC39DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "22089B78-2048-4192-826B-76AA3FAE7E22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "C826FD6A-948C-4B09-8061-E800BD6E1963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "2CE43D3E-BC2F-4CBC-8213-13028B88B1B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "60DF84F3-B71E-4860-A6B7-61AB5D201702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "06852E84-8BEC-403D-BB70-07A4F51054E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "EDDF2FE3-585A-4A3D-9E14-A8AE02301223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "6C6A62AC-7214-4FB0-A2C9-82BDEE6D7C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "7090851D-B154-435B-8F25-06E365334D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "D1A6AB08-E97C-4865-B225-0EA77AA73366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "0EE6F371-C8E2-4B4E-855E-882395C02801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "711A5AE8-087C-4471-BA1B-C3B70EED1427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "4B0339D9-9CA8-4376-A60B-94429B993E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "3AA3FAD1-7F25-4D57-AA14-822CDE7FE0FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "9F656226-EAB4-4B9D-965B-872FA62BDA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.9:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "1543EF6E-9B45-4FD4-B435-6579FE7F2C54",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the certificate validation of Cisco\u0026nbsp;Expressway-C and Cisco\u0026nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.\u0026nbsp;\u0026nbsp;The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco\u0026nbsp;Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.\r\nNote: Cisco\u0026nbsp;Expressway-E is not affected by this vulnerability.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la validaci\u00f3n de certificados de Cisco Expressway-C y Cisco TelePresence VCS podr\u00eda permitir que un atacante remoto no autenticado obtenga acceso no autorizado a datos confidenciales. La vulnerabilidad se debe a la falta de validaci\u00f3n del certificado de servidor SSL que recibe un dispositivo afectado cuando establece una conexi\u00f3n con un dispositivo Cisco Unified Communications Manager. Un atacante podr\u00eda aprovechar esta vulnerabilidad utilizando una t\u00e9cnica de intermediario para interceptar el tr\u00e1fico entre los dispositivos y, a continuaci\u00f3n, utilizando un certificado autofirmado para hacerse pasar por el punto final. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ver el tr\u00e1fico interceptado en texto plano o alterar el contenido del tr\u00e1fico. Nota: Cisco Expressway-E no se ve afectado por esta vulnerabilidad. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad. "
    }
  ],
  "id": "CVE-2022-20814",
  "lastModified": "2025-07-31T15:44:19.193",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-11-15T16:15:22.670",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}

GSD-2022-20814

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2022-20814

Aliases

CVE-2022-20814

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-20814",
    "id": "GSD-2022-20814"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-20814"
      ],
      "id": "GSD-2022-20814",
      "modified": "2023-12-13T01:19:16.233497Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-20814",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-20814 (GCVE-0-2022-20814)

CERTFR-2022-AVI-885

Solution

GHSA-RG5M-FC62-H68H

CVE-2022-20814

FKIE_CVE-2022-20814

GSD-2022-20814

Tags

Sightings

Nomenclature