var-202205-1535
Vulnerability from variot
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Expressway Series is a software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping remote workers work more efficiently on the device of their choice. An attacker could exploit this vulnerability to retrieve files from the local system, resulting in the disclosure of sensitive information on the affected system. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1535",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telepresence video communication server",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "x14.0.7"
},
{
"model": "cisco telepresence video communication server \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco telepresence video communication server \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco telepresence video communication server \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "cisco telepresence video communication server software"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011225"
},
{
"db": "NVD",
"id": "CVE-2022-20807"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:expressway:*:*:*",
"cpe_name": [],
"versionEndIncluding": "x14.0.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20807"
}
]
},
"cve": "CVE-2022-20807",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-20807",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-405360",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-20807",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-20807",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20807",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3723",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-405360",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405360"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011225"
},
{
"db": "NVD",
"id": "CVE-2022-20807"
},
{
"db": "NVD",
"id": "CVE-2022-20807"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3723"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Expressway Series is a software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping remote workers work more efficiently on the device of their choice. An attacker could exploit this vulnerability to retrieve files from the local system, resulting in the disclosure of sensitive information on the affected system. \nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. \nThis advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20807"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011225"
},
{
"db": "VULHUB",
"id": "VHN-405360"
},
{
"db": "VULMON",
"id": "CVE-2022-20807"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20807",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011225",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3723",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022051906",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-405360",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20807",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405360"
},
{
"db": "VULMON",
"id": "CVE-2022-20807"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011225"
},
{
"db": "NVD",
"id": "CVE-2022-20807"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3723"
}
]
},
"id": "VAR-202205-1535",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405360"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:22:23.291000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-expressway-filewrite-bsFVwueV",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-expressway-filewrite-bsfvwuev"
},
{
"title": "Cisco Expressway Series and TelePresence Video Communication Server Repair measures for log information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=195510"
},
{
"title": "Cisco: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-expressway-filewrite-bsfvwuev"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20807"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011225"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3723"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.1
},
{
"problemtype": "Information leakage from log files (CWE-532) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405360"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011225"
},
{
"db": "NVD",
"id": "CVE-2022-20807"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-expressway-filewrite-bsfvwuev"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20807"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20807/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051906"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405360"
},
{
"db": "VULMON",
"id": "CVE-2022-20807"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011225"
},
{
"db": "NVD",
"id": "CVE-2022-20807"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3723"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405360"
},
{
"db": "VULMON",
"id": "CVE-2022-20807"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011225"
},
{
"db": "NVD",
"id": "CVE-2022-20807"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3723"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-27T00:00:00",
"db": "VULHUB",
"id": "VHN-405360"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011225"
},
{
"date": "2022-05-27T14:15:08.833000",
"db": "NVD",
"id": "CVE-2022-20807"
},
{
"date": "2022-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3723"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-405360"
},
{
"date": "2023-08-21T05:40:00",
"db": "JVNDB",
"id": "JVNDB-2022-011225"
},
{
"date": "2023-11-07T03:43:00.380000",
"db": "NVD",
"id": "CVE-2022-20807"
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3723"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3723"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Expressway\u00a0Series\u00a0 and \u00a0Cisco\u00a0TelePresence\u00a0Video\u00a0Communication\u00a0Server\u00a0 Vulnerability regarding information leakage from log files in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011225"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "log information leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3723"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.