Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
CVE-2022-20754

9CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Telepresence Video Communication Server (vcs) Expressway
Vendor: CVE Published:; 6 April 2022

Badges

👾 Exploit Exists

Summary

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory.

Affected Version(s)

Cisco TelePresence Video Communication Server (VCS) Expressway

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Apr 6, 2022
Vulnerability Reserved
Nov 2, 2021