CVE-2022-20853: Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability
First published: Fri Nov 15 2024(Updated: )
A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco TelePresence VCS and Expressway Major | ||
| Cisco TelePresence Video Communication Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8
Frequently Asked Questions
What is the severity of CVE-2022-20853?
CVE-2022-20853 is classified as a medium severity vulnerability due to its potential for unauthorized remote access.
How do I fix CVE-2022-20853?
To mitigate CVE-2022-20853, apply the latest security patches provided by Cisco for the affected Cisco Expressway Series and Cisco TelePresence VCS products.
What systems are affected by CVE-2022-20853?
CVE-2022-20853 affects the Cisco Expressway Series and Cisco TelePresence VCS systems.
What type of attack does CVE-2022-20853 enable?
CVE-2022-20853 enables an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack.
Is authentication required to exploit CVE-2022-20853?
No, CVE-2022-20853 can be exploited by an unauthenticated attacker without the need for authentication.
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco telepresence vcs and expressway major
- canonical/cisco telepresence video communication server