Print Page - Cisco Security Advisory - Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

Title: Cisco Security Advisory - Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Post by: Netwörkheäd on July 07, 2022, 06:10:05 PM

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device.
Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device.
For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH</a>

Security Impact Rating: Critical

CVE: CVE-2022-20812,CVE-2022-20813
Source: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Expressway%20Series%20and%20Cisco%20TelePresence%20Video%20Communication%20Server%20Vulnerabilities&vs_k=1)

Networking-Forums.com

Professional Discussions => Vendor Advisories => Topic started by: Netwörkheäd on July 07, 2022, 06:10:05 PM