Vulnerability-Lookup

CVE-2022-20853 (GCVE-0-2022-20853)

Vulnerability from cvelistv5 – Published: 2024-11-15 15:27 – Updated: 2024-11-15 16:49

Title

Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability

Summary

A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

cisco

References

URL

Tags

	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco TelePresence Video Communication Server (VCS) Expressway	Affected: X8.11.2 Affected: X8.6 Affected: X8.11.3 Affected: X8.2.2 Affected: X8.8.3 Affected: X8.11.0 Affected: X12.5.2 Affected: X8.1.1 Affected: X8.9 Affected: X12.5.1 Affected: X12.5.6 Affected: X8.7.3 Affected: X12.6.0 Affected: X8.11.1 Affected: X8.5 Affected: X8.9.1 Affected: X8.10.2 Affected: X8.8.2 Affected: X8.5.3 Affected: X8.1 Affected: X8.9.2 Affected: X8.11.4 Affected: X12.5.4 Affected: X8.8.1 Affected: X8.2.1 Affected: X8.5.1 Affected: X8.6.1 Affected: X8.1.2 Affected: X8.8 Affected: X8.10.0 Affected: X12.5.3 Affected: X8.10.1 Affected: X12.5.7 Affected: X8.10.3 Affected: X8.7.1 Affected: X8.2 Affected: X12.5.8 Affected: X8.7 Affected: X8.5.2 Affected: X12.5.9 Affected: X12.5.0 Affected: X8.10.4 Affected: X8.7.2 Affected: X12.5.5 Affected: X12.6.1 Affected: X12.6.2 Affected: X12.6.3 Affected: X12.6.4 Affected: X12.7.0 Affected: X12.7.1 Affected: X14.0.0 Affected: X14.0.1 Affected: X14.0.2 Affected: X14.0.3 Affected: X14.0.4 Affected: X14.0.5 Affected: X14.0.6 Affected: X14.0.7 Affected: X14.0.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "telepresence_video_communication_server_software",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "x12.5.0"
              },
              {
                "status": "affected",
                "version": "x12.5.1"
              },
              {
                "status": "affected",
                "version": "x12.5.2"
              },
              {
                "status": "affected",
                "version": "x12.5.3"
              },
              {
                "status": "affected",
                "version": "x12.5.4"
              },
              {
                "status": "affected",
                "version": "x12.5.5"
              },
              {
                "status": "affected",
                "version": "x12.5.6"
              },
              {
                "status": "affected",
                "version": "x12.5.7"
              },
              {
                "status": "affected",
                "version": "x12.5.8"
              },
              {
                "status": "affected",
                "version": "x12.5.9"
              },
              {
                "status": "affected",
                "version": "x12.6.0"
              },
              {
                "status": "affected",
                "version": "x12.6.1"
              },
              {
                "status": "affected",
                "version": "x12.6.2"
              },
              {
                "status": "affected",
                "version": "x12.6.3"
              },
              {
                "status": "affected",
                "version": "x12.6.4"
              },
              {
                "status": "affected",
                "version": "x12.7.0"
              },
              {
                "status": "affected",
                "version": "x12.7.1"
              },
              {
                "status": "affected",
                "version": "x14.0.0"
              },
              {
                "status": "affected",
                "version": "x14.0.1"
              },
              {
                "status": "affected",
                "version": "x14.0.2"
              },
              {
                "status": "affected",
                "version": "x14.0.3"
              },
              {
                "status": "affected",
                "version": "x14.0.4"
              },
              {
                "status": "affected",
                "version": "x14.0.5"
              },
              {
                "status": "affected",
                "version": "x14.0.6"
              },
              {
                "status": "affected",
                "version": "x14.0.7"
              },
              {
                "status": "affected",
                "version": "x14.0.8"
              },
              {
                "status": "affected",
                "version": "x8.10.0"
              },
              {
                "status": "affected",
                "version": "x8.10.1"
              },
              {
                "status": "affected",
                "version": "x8.10.2"
              },
              {
                "status": "affected",
                "version": "x8.10.3"
              },
              {
                "status": "affected",
                "version": "x8.10.4"
              },
              {
                "status": "affected",
                "version": "x8.1.1"
              },
              {
                "status": "affected",
                "version": "x8.11.0"
              },
              {
                "status": "affected",
                "version": "x8.11.1"
              },
              {
                "status": "affected",
                "version": "x8.11.2"
              },
              {
                "status": "affected",
                "version": "x8.11.3"
              },
              {
                "status": "affected",
                "version": "x8.11.4"
              },
              {
                "status": "affected",
                "version": "x8.2"
              },
              {
                "status": "affected",
                "version": "x8.2.2"
              },
              {
                "status": "affected",
                "version": "x8.5"
              },
              {
                "status": "affected",
                "version": "x8.5.1"
              },
              {
                "status": "affected",
                "version": "x8.5.3"
              },
              {
                "status": "affected",
                "version": "x8.6"
              },
              {
                "status": "affected",
                "version": "x8.6.1"
              },
              {
                "status": "affected",
                "version": "x8.7"
              },
              {
                "status": "affected",
                "version": "x8.7.1"
              },
              {
                "status": "affected",
                "version": "x8.7.2"
              },
              {
                "status": "affected",
                "version": "x8.7.3"
              },
              {
                "status": "affected",
                "version": "x8.8"
              },
              {
                "status": "affected",
                "version": "x8.8.1"
              },
              {
                "status": "affected",
                "version": "x8.8.2"
              },
              {
                "status": "affected",
                "version": "x8.8.3"
              },
              {
                "status": "affected",
                "version": "x8.9"
              },
              {
                "status": "affected",
                "version": "x8.9.1"
              },
              {
                "status": "affected",
                "version": "x8.9.2"
              },
              {
                "status": "affected",
                "version": "x8.1"
              },
              {
                "status": "affected",
                "version": "x8.1.2"
              },
              {
                "status": "affected",
                "version": "x8.2.1"
              },
              {
                "status": "affected",
                "version": "x8.5.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20853",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:23:20.814823Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T16:49:00.733Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco TelePresence Video Communication Server (VCS) Expressway",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "X8.11.2"
            },
            {
              "status": "affected",
              "version": "X8.6"
            },
            {
              "status": "affected",
              "version": "X8.11.3"
            },
            {
              "status": "affected",
              "version": "X8.2.2"
            },
            {
              "status": "affected",
              "version": "X8.8.3"
            },
            {
              "status": "affected",
              "version": "X8.11.0"
            },
            {
              "status": "affected",
              "version": "X12.5.2"
            },
            {
              "status": "affected",
              "version": "X8.1.1"
            },
            {
              "status": "affected",
              "version": "X8.9"
            },
            {
              "status": "affected",
              "version": "X12.5.1"
            },
            {
              "status": "affected",
              "version": "X12.5.6"
            },
            {
              "status": "affected",
              "version": "X8.7.3"
            },
            {
              "status": "affected",
              "version": "X12.6.0"
            },
            {
              "status": "affected",
              "version": "X8.11.1"
            },
            {
              "status": "affected",
              "version": "X8.5"
            },
            {
              "status": "affected",
              "version": "X8.9.1"
            },
            {
              "status": "affected",
              "version": "X8.10.2"
            },
            {
              "status": "affected",
              "version": "X8.8.2"
            },
            {
              "status": "affected",
              "version": "X8.5.3"
            },
            {
              "status": "affected",
              "version": "X8.1"
            },
            {
              "status": "affected",
              "version": "X8.9.2"
            },
            {
              "status": "affected",
              "version": "X8.11.4"
            },
            {
              "status": "affected",
              "version": "X12.5.4"
            },
            {
              "status": "affected",
              "version": "X8.8.1"
            },
            {
              "status": "affected",
              "version": "X8.2.1"
            },
            {
              "status": "affected",
              "version": "X8.5.1"
            },
            {
              "status": "affected",
              "version": "X8.6.1"
            },
            {
              "status": "affected",
              "version": "X8.1.2"
            },
            {
              "status": "affected",
              "version": "X8.8"
            },
            {
              "status": "affected",
              "version": "X8.10.0"
            },
            {
              "status": "affected",
              "version": "X12.5.3"
            },
            {
              "status": "affected",
              "version": "X8.10.1"
            },
            {
              "status": "affected",
              "version": "X12.5.7"
            },
            {
              "status": "affected",
              "version": "X8.10.3"
            },
            {
              "status": "affected",
              "version": "X8.7.1"
            },
            {
              "status": "affected",
              "version": "X8.2"
            },
            {
              "status": "affected",
              "version": "X12.5.8"
            },
            {
              "status": "affected",
              "version": "X8.7"
            },
            {
              "status": "affected",
              "version": "X8.5.2"
            },
            {
              "status": "affected",
              "version": "X12.5.9"
            },
            {
              "status": "affected",
              "version": "X12.5.0"
            },
            {
              "status": "affected",
              "version": "X8.10.4"
            },
            {
              "status": "affected",
              "version": "X8.7.2"
            },
            {
              "status": "affected",
              "version": "X12.5.5"
            },
            {
              "status": "affected",
              "version": "X12.6.1"
            },
            {
              "status": "affected",
              "version": "X12.6.2"
            },
            {
              "status": "affected",
              "version": "X12.6.3"
            },
            {
              "status": "affected",
              "version": "X12.6.4"
            },
            {
              "status": "affected",
              "version": "X12.7.0"
            },
            {
              "status": "affected",
              "version": "X12.7.1"
            },
            {
              "status": "affected",
              "version": "X14.0.0"
            },
            {
              "status": "affected",
              "version": "X14.0.1"
            },
            {
              "status": "affected",
              "version": "X14.0.2"
            },
            {
              "status": "affected",
              "version": "X14.0.3"
            },
            {
              "status": "affected",
              "version": "X14.0.4"
            },
            {
              "status": "affected",
              "version": "X14.0.5"
            },
            {
              "status": "affected",
              "version": "X14.0.6"
            },
            {
              "status": "affected",
              "version": "X14.0.7"
            },
            {
              "status": "affected",
              "version": "X14.0.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the REST API of Cisco\u0026nbsp;Expressway Series and Cisco\u0026nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\u0026nbsp;"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T15:27:23.911Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-expressway-csrf-sqpsSfY6",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttention\u003c/strong\u003e: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see \u003ca href=\"https://www.cisco.com/c/en/us/products/security/secure-names.html\"\u003eMeet Cisco\u0026nbsp;Secure",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"
        }
      ],
      "source": {
        "advisory": "cisco-sa-expressway-csrf-sqpsSfY6",
        "defects": [
          "CSCwa25097"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20853",
    "datePublished": "2024-11-15T15:27:23.911Z",
    "dateReserved": "2021-11-02T13:28:29.180Z",
    "dateUpdated": "2024-11-15T16:49:00.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-20853\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-15T16:23:20.814823Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"telepresence_video_communication_server_software\", \"versions\": [{\"status\": \"affected\", \"version\": \"x12.5.0\"}, {\"status\": \"affected\", \"version\": \"x12.5.1\"}, {\"status\": \"affected\", \"version\": \"x12.5.2\"}, {\"status\": \"affected\", \"version\": \"x12.5.3\"}, {\"status\": \"affected\", \"version\": \"x12.5.4\"}, {\"status\": \"affected\", \"version\": \"x12.5.5\"}, {\"status\": \"affected\", \"version\": \"x12.5.6\"}, {\"status\": \"affected\", \"version\": \"x12.5.7\"}, {\"status\": \"affected\", \"version\": \"x12.5.8\"}, {\"status\": \"affected\", \"version\": \"x12.5.9\"}, {\"status\": \"affected\", \"version\": \"x12.6.0\"}, {\"status\": \"affected\", \"version\": \"x12.6.1\"}, {\"status\": \"affected\", \"version\": \"x12.6.2\"}, {\"status\": \"affected\", \"version\": \"x12.6.3\"}, {\"status\": \"affected\", \"version\": \"x12.6.4\"}, {\"status\": \"affected\", \"version\": \"x12.7.0\"}, {\"status\": \"affected\", \"version\": \"x12.7.1\"}, {\"status\": \"affected\", \"version\": \"x14.0.0\"}, {\"status\": \"affected\", \"version\": \"x14.0.1\"}, {\"status\": \"affected\", \"version\": \"x14.0.2\"}, {\"status\": \"affected\", \"version\": \"x14.0.3\"}, {\"status\": \"affected\", \"version\": \"x14.0.4\"}, {\"status\": \"affected\", \"version\": \"x14.0.5\"}, {\"status\": \"affected\", \"version\": \"x14.0.6\"}, {\"status\": \"affected\", \"version\": \"x14.0.7\"}, {\"status\": \"affected\", \"version\": \"x14.0.8\"}, {\"status\": \"affected\", \"version\": \"x8.10.0\"}, {\"status\": \"affected\", \"version\": \"x8.10.1\"}, {\"status\": \"affected\", \"version\": \"x8.10.2\"}, {\"status\": \"affected\", \"version\": \"x8.10.3\"}, {\"status\": \"affected\", \"version\": \"x8.10.4\"}, {\"status\": \"affected\", \"version\": \"x8.1.1\"}, {\"status\": \"affected\", \"version\": \"x8.11.0\"}, {\"status\": \"affected\", \"version\": \"x8.11.1\"}, {\"status\": \"affected\", \"version\": \"x8.11.2\"}, {\"status\": \"affected\", \"version\": \"x8.11.3\"}, {\"status\": \"affected\", \"version\": \"x8.11.4\"}, {\"status\": \"affected\", \"version\": \"x8.2\"}, {\"status\": \"affected\", \"version\": \"x8.2.2\"}, {\"status\": \"affected\", \"version\": \"x8.5\"}, {\"status\": \"affected\", \"version\": \"x8.5.1\"}, {\"status\": \"affected\", \"version\": \"x8.5.3\"}, {\"status\": \"affected\", \"version\": \"x8.6\"}, {\"status\": \"affected\", \"version\": \"x8.6.1\"}, {\"status\": \"affected\", \"version\": \"x8.7\"}, {\"status\": \"affected\", \"version\": \"x8.7.1\"}, {\"status\": \"affected\", \"version\": \"x8.7.2\"}, {\"status\": \"affected\", \"version\": \"x8.7.3\"}, {\"status\": \"affected\", \"version\": \"x8.8\"}, {\"status\": \"affected\", \"version\": \"x8.8.1\"}, {\"status\": \"affected\", \"version\": \"x8.8.2\"}, {\"status\": \"affected\", \"version\": \"x8.8.3\"}, {\"status\": \"affected\", \"version\": \"x8.9\"}, {\"status\": \"affected\", \"version\": \"x8.9.1\"}, {\"status\": \"affected\", \"version\": \"x8.9.2\"}, {\"status\": \"affected\", \"version\": \"x8.1\"}, {\"status\": \"affected\", \"version\": \"x8.1.2\"}, {\"status\": \"affected\", \"version\": \"x8.2.1\"}, {\"status\": \"affected\", \"version\": \"x8.5.2\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-15T16:48:54.526Z\"}}], \"cna\": {\"title\": \"Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability\", \"source\": {\"defects\": [\"CSCwa25097\"], \"advisory\": \"cisco-sa-expressway-csrf-sqpsSfY6\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco TelePresence Video Communication Server (VCS) Expressway\", \"versions\": [{\"status\": \"affected\", \"version\": \"X8.11.2\"}, {\"status\": \"affected\", \"version\": \"X8.6\"}, {\"status\": \"affected\", \"version\": \"X8.11.3\"}, {\"status\": \"affected\", \"version\": \"X8.2.2\"}, {\"status\": \"affected\", \"version\": \"X8.8.3\"}, {\"status\": \"affected\", \"version\": \"X8.11.0\"}, {\"status\": \"affected\", \"version\": \"X12.5.2\"}, {\"status\": \"affected\", \"version\": \"X8.1.1\"}, {\"status\": \"affected\", \"version\": \"X8.9\"}, {\"status\": \"affected\", \"version\": \"X12.5.1\"}, {\"status\": \"affected\", \"version\": \"X12.5.6\"}, {\"status\": \"affected\", \"version\": \"X8.7.3\"}, {\"status\": \"affected\", \"version\": \"X12.6.0\"}, {\"status\": \"affected\", \"version\": \"X8.11.1\"}, {\"status\": \"affected\", \"version\": \"X8.5\"}, {\"status\": \"affected\", \"version\": \"X8.9.1\"}, {\"status\": \"affected\", \"version\": \"X8.10.2\"}, {\"status\": \"affected\", \"version\": \"X8.8.2\"}, {\"status\": \"affected\", \"version\": \"X8.5.3\"}, {\"status\": \"affected\", \"version\": \"X8.1\"}, {\"status\": \"affected\", \"version\": \"X8.9.2\"}, {\"status\": \"affected\", \"version\": \"X8.11.4\"}, {\"status\": \"affected\", \"version\": \"X12.5.4\"}, {\"status\": \"affected\", \"version\": \"X8.8.1\"}, {\"status\": \"affected\", \"version\": \"X8.2.1\"}, {\"status\": \"affected\", \"version\": \"X8.5.1\"}, {\"status\": \"affected\", \"version\": \"X8.6.1\"}, {\"status\": \"affected\", \"version\": \"X8.1.2\"}, {\"status\": \"affected\", \"version\": \"X8.8\"}, {\"status\": \"affected\", \"version\": \"X8.10.0\"}, {\"status\": \"affected\", \"version\": \"X12.5.3\"}, {\"status\": \"affected\", \"version\": \"X8.10.1\"}, {\"status\": \"affected\", \"version\": \"X12.5.7\"}, {\"status\": \"affected\", \"version\": \"X8.10.3\"}, {\"status\": \"affected\", \"version\": \"X8.7.1\"}, {\"status\": \"affected\", \"version\": \"X8.2\"}, {\"status\": \"affected\", \"version\": \"X12.5.8\"}, {\"status\": \"affected\", \"version\": \"X8.7\"}, {\"status\": \"affected\", \"version\": \"X8.5.2\"}, {\"status\": \"affected\", \"version\": \"X12.5.9\"}, {\"status\": \"affected\", \"version\": \"X12.5.0\"}, {\"status\": \"affected\", \"version\": \"X8.10.4\"}, {\"status\": \"affected\", \"version\": \"X8.7.2\"}, {\"status\": \"affected\", \"version\": \"X12.5.5\"}, {\"status\": \"affected\", \"version\": \"X12.6.1\"}, {\"status\": \"affected\", \"version\": \"X12.6.2\"}, {\"status\": \"affected\", \"version\": \"X12.6.3\"}, {\"status\": \"affected\", \"version\": \"X12.6.4\"}, {\"status\": \"affected\", \"version\": \"X12.7.0\"}, {\"status\": \"affected\", \"version\": \"X12.7.1\"}, {\"status\": \"affected\", \"version\": \"X14.0.0\"}, {\"status\": \"affected\", \"version\": \"X14.0.1\"}, {\"status\": \"affected\", \"version\": \"X14.0.2\"}, {\"status\": \"affected\", \"version\": \"X14.0.3\"}, {\"status\": \"affected\", \"version\": \"X14.0.4\"}, {\"status\": \"affected\", \"version\": \"X14.0.5\"}, {\"status\": \"affected\", \"version\": \"X14.0.6\"}, {\"status\": \"affected\", \"version\": \"X14.0.7\"}, {\"status\": \"affected\", \"version\": \"X14.0.8\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco\\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6\", \"name\": \"cisco-sa-expressway-csrf-sqpsSfY6\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttention\u003c/strong\u003e: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see \u003ca href=\\\"https://www.cisco.com/c/en/us/products/security/secure-names.html\\\"\u003eMeet Cisco\u0026nbsp;Secure\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the REST API of Cisco\u0026nbsp;Expressway Series and Cisco\u0026nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\\r\\n\\r\\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.\\r\\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\u0026nbsp;\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-352\", \"description\": \"Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-11-15T15:27:23.911Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-20853\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-15T16:49:00.733Z\", \"dateReserved\": \"2021-11-02T13:28:29.180Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-11-15T15:27:23.911Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2022-AVI-885

Vulnerability from certfr_avis - Published: 2022-10-06 - Updated: 2022-10-06

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une élévation de privilèges, un déni de service à distance et une injection de requêtes illégitimes par rebond (CSRF).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Expressway Series	Cisco Expressway Series versions antérieures à 14.2
Cisco	N/A	Cisco Enterprise NFVIS versions antérieures à 4.9.1
Cisco	TelePresence VCS	Cisco TelePresence VCS versions antérieures à 14.2

References

Title

Publication Time

GHSA-PG6H-M56F-Q74P

Vulnerability from github – Published: 2024-11-15 18:30 – Updated: 2024-11-15 18:30

Details

This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Severity ?

7.4 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-20853"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-15T16:15:23Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the REST API of Cisco\u0026nbsp;Expressway Series and Cisco\u0026nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\n\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\u0026nbsp;",
  "id": "GHSA-pg6h-m56f-q74p",
  "modified": "2024-11-15T18:30:50Z",
  "published": "2024-11-15T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20853"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-20853

Vulnerability from fstec - Published: 05.10.2022

Title

Description

Уязвимость веб-интерфейса управления микропрограммного обеспечения шлюзов Cisco Expressway и микропрограммного обеспечения устройств управления вызовами Cisco TelePresence Video Communication Server связана с подделкой межсайтовых запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, осуществить CSRF-атаку с помощью специально созданной вредоносной ссылки

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Vendor

Cisco Systems Inc.

Software Name

Cisco Expressway, TelePresence Video Communication Server

Software Version

до 14.0.9 (Cisco Expressway), до 14.0.9 (TelePresence Video Communication Server)

Possible Mitigations

Использование рекомендаций: https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-expressway-csrf-sqpsSfY6.html

Reference

https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-expressway-csrf-sqpsSfY6.html

CWE

CWE-352

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 14.0.9 (Cisco Expressway), \u0434\u043e 14.0.9 (TelePresence Video Communication Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-expressway-csrf-sqpsSfY6.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.10.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.10.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.10.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-06331",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-20853",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco Expressway, TelePresence Video Communication Server",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0448\u043b\u044e\u0437\u043e\u0432 Cisco Expressway \u0438 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u0437\u043e\u0432\u0430\u043c\u0438 Cisco TelePresence Video Communication Server, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c CSRF-\u0430\u0442\u0430\u043a\u0443",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0444\u0430\u043b\u044c\u0441\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (CWE-352)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0448\u043b\u044e\u0437\u043e\u0432 Cisco Expressway \u0438 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u0437\u043e\u0432\u0430\u043c\u0438 Cisco TelePresence Video Communication Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c CSRF-\u0430\u0442\u0430\u043a\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0441\u0441\u044b\u043b\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-expressway-csrf-sqpsSfY6.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-352",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,4)"
}

GSD-2022-20853

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2022-20853

Aliases

CVE-2022-20853

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-20853",
    "id": "GSD-2022-20853"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-20853"
      ],
      "id": "GSD-2022-20853",
      "modified": "2023-12-13T01:19:17.011956Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-20853",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

FKIE_CVE-2022-20853

Vulnerability from fkie_nvd - Published: 2024-11-15 16:15 - Updated: 2025-07-31 15:44

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU	Not Applicable
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv	Not Applicable
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6	Vendor Advisory
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8	Not Applicable

Impacted products

Vendor	Product	Version
cisco	telepresence_video_communication_server	x8.1
cisco	telepresence_video_communication_server	x8.1.1
cisco	telepresence_video_communication_server	x8.1.2
cisco	telepresence_video_communication_server	x8.2
cisco	telepresence_video_communication_server	x8.2.1
cisco	telepresence_video_communication_server	x8.2.2
cisco	telepresence_video_communication_server	x8.5
cisco	telepresence_video_communication_server	x8.5.1
cisco	telepresence_video_communication_server	x8.5.2
cisco	telepresence_video_communication_server	x8.5.3
cisco	telepresence_video_communication_server	x8.6
cisco	telepresence_video_communication_server	x8.6.1
cisco	telepresence_video_communication_server	x8.7
cisco	telepresence_video_communication_server	x8.7.1
cisco	telepresence_video_communication_server	x8.7.2
cisco	telepresence_video_communication_server	x8.7.3
cisco	telepresence_video_communication_server	x8.8
cisco	telepresence_video_communication_server	x8.8.1
cisco	telepresence_video_communication_server	x8.8.2
cisco	telepresence_video_communication_server	x8.8.3
cisco	telepresence_video_communication_server	x8.9
cisco	telepresence_video_communication_server	x8.9.1
cisco	telepresence_video_communication_server	x8.9.2
cisco	telepresence_video_communication_server	x8.10.0
cisco	telepresence_video_communication_server	x8.10.1
cisco	telepresence_video_communication_server	x8.10.2
cisco	telepresence_video_communication_server	x8.10.3
cisco	telepresence_video_communication_server	x8.10.4
cisco	telepresence_video_communication_server	x8.11.0
cisco	telepresence_video_communication_server	x8.11.1
cisco	telepresence_video_communication_server	x8.11.2
cisco	telepresence_video_communication_server	x8.11.3
cisco	telepresence_video_communication_server	x8.11.4
cisco	telepresence_video_communication_server	x12.5.0
cisco	telepresence_video_communication_server	x12.5.1
cisco	telepresence_video_communication_server	x12.5.2
cisco	telepresence_video_communication_server	x12.5.3
cisco	telepresence_video_communication_server	x12.5.4
cisco	telepresence_video_communication_server	x12.5.5
cisco	telepresence_video_communication_server	x12.5.6
cisco	telepresence_video_communication_server	x12.5.7
cisco	telepresence_video_communication_server	x12.5.8
cisco	telepresence_video_communication_server	x12.5.9
cisco	telepresence_video_communication_server	x12.6.0
cisco	telepresence_video_communication_server	x12.6.1
cisco	telepresence_video_communication_server	x12.6.2
cisco	telepresence_video_communication_server	x12.6.3
cisco	telepresence_video_communication_server	x12.6.4
cisco	telepresence_video_communication_server	x12.7.0
cisco	telepresence_video_communication_server	x12.7.1
cisco	telepresence_video_communication_server	x14.0.0
cisco	telepresence_video_communication_server	x14.0.1
cisco	telepresence_video_communication_server	x14.0.2
cisco	telepresence_video_communication_server	x14.0.3
cisco	telepresence_video_communication_server	x14.0.4
cisco	telepresence_video_communication_server	x14.0.5
cisco	telepresence_video_communication_server	x14.0.6
cisco	telepresence_video_communication_server	x14.0.7
cisco	telepresence_video_communication_server	x14.0.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "73A2A365-59AA-48B9-9ABF-914C2B80C7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "98BDD88B-DF43-4F7C-A6C0-1EECE9C85355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "BE860BF8-AC42-4C10-BC65-9DBF8050E682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "C03A7AEA-8411-4693-84A9-7ADC7F08D87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "0D98AE26-55C9-4BA7-B82C-5B328E689418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "D50E9F77-0575-43E0-AF83-9A932F4D4F73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "9F91E793-E37D-4823-B078-DA96AB422967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "3F16B185-879A-4BA8-B4EB-B032FC8B9674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "5D58C2C4-F0CB-440A-885A-173DC9B5D32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "95FC0285-58F4-4C17-9DB0-0A495A7FE9BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "E9BB8E50-74EF-4726-A069-C90B09201593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "8AEF5B51-8609-40D8-A01B-6696B012FCB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "C0DCF6AA-84C1-4B1A-80B0-6942707D9CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "1590C980-506C-4689-AA91-6C647CC3AF28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "4E9D0839-13E1-4C95-AFEF-3071A977AB5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "6E714552-FDEF-4971-959F-3615E34E6F5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "20A5441C-7798-4EAD-9428-6DA4EF354807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "1BE2198F-DF53-497E-9945-062ADD3787F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "0D7C383F-30E2-4F22-B35D-B73671D1BBCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "B478B2B7-269C-4813-A004-225D90715A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "CBEB2506-7F1B-4227-B5BD-47B28778D7AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "A000BA48-4ABC-46D4-89EB-CEA8D754B708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "66CBF53D-4174-463A-B902-E50FF63E39B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "BFFD53C6-D23A-4CEC-AD1C-7D6A8B920566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "F642A732-BA7E-493F-BE62-273997AF3328",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "76688320-EE54-4662-BE15-F721EA55D5D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "7C3B3879-FCDF-4D12-9B81-24EC70FF6CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "F0B562E3-5E36-4899-A57A-90E653737B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "EA6FF488-FBED-40E6-92CC-39B8749171C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "F84981B5-0E55-40D6-92F9-57C03A24A44A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "A9A37F14-5F65-4C99-A0E2-EACABEDF2286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "6F7DC504-15CA-4D44-90E5-5684F474A7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "36BD629F-0183-41C2-9547-08EAE359BD00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "26301BB9-38C0-473F-9FAF-E5DF70E29A36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "29C38DD2-E763-4B59-83C7-050D08D91637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "684A39DB-7850-4932-922D-9E7A62FC608A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "81B09C18-F930-4B67-8309-7FA0889039C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "E172DA2A-37B4-4387-AE92-0F0D4F60F736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "D09EB9B0-5212-4E32-95E9-93BEC53B4AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "2221FF76-F13A-4E8D-88EB-2757AB6DCDCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "FBEE5E76-A827-4031-B1C1-4961C277C5F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "156F7D5E-DC54-4687-B80F-3281C779135F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "8BDFCFC1-8230-4051-9B5D-73349C288E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "98E3BF27-037E-474F-B55A-12750943499D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "9F2CF11F-735B-458F-9F2F-8E2322FC39DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "22089B78-2048-4192-826B-76AA3FAE7E22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "C826FD6A-948C-4B09-8061-E800BD6E1963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "2CE43D3E-BC2F-4CBC-8213-13028B88B1B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "60DF84F3-B71E-4860-A6B7-61AB5D201702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "06852E84-8BEC-403D-BB70-07A4F51054E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "EDDF2FE3-585A-4A3D-9E14-A8AE02301223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "6C6A62AC-7214-4FB0-A2C9-82BDEE6D7C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "7090851D-B154-435B-8F25-06E365334D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "D1A6AB08-E97C-4865-B225-0EA77AA73366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "0EE6F371-C8E2-4B4E-855E-882395C02801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "711A5AE8-087C-4471-BA1B-C3B70EED1427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "4B0339D9-9CA8-4376-A60B-94429B993E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "3AA3FAD1-7F25-4D57-AA14-822CDE7FE0FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "9F656226-EAB4-4B9D-965B-872FA62BDA26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the REST API of Cisco\u0026nbsp;Expressway Series and Cisco\u0026nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\u0026nbsp;"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la API REST de Cisco Expressway Series y Cisco TelePresence VCS podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de Cross-Site Request Forgery (CSRF) en un sistema afectado. Esta vulnerabilidad se debe a que no hay suficientes protecciones CSRF para la interfaz de administraci\u00f3n basada en web de un sistema afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario de la API REST para que siga un enlace manipulado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el sistema afectado se recargue. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad."
    }
  ],
  "id": "CVE-2022-20853",
  "lastModified": "2025-07-31T15:44:08.457",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-11-15T16:15:23.540",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-20853 (GCVE-0-2022-20853)

CERTFR-2022-AVI-885

Solution

GHSA-PG6H-M56F-Q74P

CVE-2022-20853

GSD-2022-20853

FKIE_CVE-2022-20853

Tags

Sightings

Nomenclature