Vulnerability in Cisco Telepresence Video Communication Server (VCS) Expressway
CVE-2022-20814
A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to…
Vulnerability class: Improper Certificate Validation
EPSS: 0.001 (31.2th percentile)
CVSS v3 metric
CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Cisco Telepresence Video Communication Server (VCS) Expressway — versions X8.11.2, X8.6, X8.11.3
Weakness classification (CWE)
References
- cisco-sa-expressway-csrf-sqpsSfY6
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt (This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2022 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication, https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74840.)
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2
Frequently asked questions
- What is CVE-2022-20814?
- CVE-2022-20814 is a high-severity vulnerability in Cisco Telepresence Video Communication Server (VCS) Expressway, classified under Improper Certificate Validation. CVSS score: 7.4/10. Published 2024-11-15.
- How severe is CVE-2022-20814?
- High severity. CVSS v3 base score is 7.4 out of 10.