First published: Fri May 27 2022(Updated: )
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco TelePresence Video Communication Server | <=x14.0.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-20807 is a vulnerability in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device.
CVE-2022-20807 has a severity rating of 6.5 out of 10, which is considered medium.
CVE-2022-20807 affects Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) versions up to and including x14.0.7.
An authenticated, remote attacker can exploit CVE-2022-20807 to write files or disclose sensitive information on an affected device.
You can find more information about CVE-2022-20807 at the following link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV)