CVE-2022-20807

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:expressway:*:*:*

History

09 Jun 2022, 14:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
First Time Cisco
Cisco telepresence Video Communication Server
References (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV - Vendor Advisory
CPE cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:expressway:*:*:*
CWE CWE-532

02 Jun 2022, 14:15

Type Values Removed Values Added
Summary Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

27 May 2022, 14:24

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-27 14:15

Updated : 2022-06-09 14:15


NVD link : CVE-2022-20807

Mitre link : CVE-2022-20807


JSON object : View

Products Affected

cisco

  • telepresence_video_communication_server
CWE
CWE-532

Insertion of Sensitive Information into Log File