cisco-sa-expressway-csrf-sqpsSfY6: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

First published: Wed Oct 05 2022(Updated: )

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow a remote attacker to bypass certificate validation or conduct cross-site request forgery attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6

Credit: CVE-2022-20812 was found during internal security testing by Jason Crowder the Cisco Advanced Security Initiatives GroupCVE-2022-20814 was found during internal security testing by Deklan Evans the Cisco ASIG

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/title
• agent/tags
• agent/event
• agent/weakness
• agent/references
• agent/author
• agent/severity
• agent/type
• agent/description
• agent/last-modified-date
• agent/softwarecombine
• agent/first-publish-date
• collector/cisco-advisory
• source/Cisco
• agent/software-canonical-lookup
• vendor/cisco
• canonical/cisco expressway series
• version/cisco expressway series/.0
• version/cisco expressway series/14.0
• canonical/cisco telepresence vcs
• version/cisco telepresence vcs/.0
• version/cisco telepresence vcs/14.0