CVE-2022-20853 (GCVE-0-2022-20853)
Vulnerability from cvelistv5 – Published: 2024-11-15 15:27 – Updated: 2024-11-15 16:49
VLAI
Title
Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability
Summary
A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco TelePresence Video Communication Server (VCS) Expressway |
Affected:
X8.11.2
Affected: X8.6 Affected: X8.11.3 Affected: X8.2.2 Affected: X8.8.3 Affected: X8.11.0 Affected: X12.5.2 Affected: X8.1.1 Affected: X8.9 Affected: X12.5.1 Affected: X12.5.6 Affected: X8.7.3 Affected: X12.6.0 Affected: X8.11.1 Affected: X8.5 Affected: X8.9.1 Affected: X8.10.2 Affected: X8.8.2 Affected: X8.5.3 Affected: X8.1 Affected: X8.9.2 Affected: X8.11.4 Affected: X12.5.4 Affected: X8.8.1 Affected: X8.2.1 Affected: X8.5.1 Affected: X8.6.1 Affected: X8.1.2 Affected: X8.8 Affected: X8.10.0 Affected: X12.5.3 Affected: X8.10.1 Affected: X12.5.7 Affected: X8.10.3 Affected: X8.7.1 Affected: X8.2 Affected: X12.5.8 Affected: X8.7 Affected: X8.5.2 Affected: X12.5.9 Affected: X12.5.0 Affected: X8.10.4 Affected: X8.7.2 Affected: X12.5.5 Affected: X12.6.1 Affected: X12.6.2 Affected: X12.6.3 Affected: X12.6.4 Affected: X12.7.0 Affected: X12.7.1 Affected: X14.0.0 Affected: X14.0.1 Affected: X14.0.2 Affected: X14.0.3 Affected: X14.0.4 Affected: X14.0.5 Affected: X14.0.6 Affected: X14.0.7 Affected: X14.0.8 |
|
| cisco | telepresence_video_communication_server_software |
Affected:
x12.5.0
Affected: x12.5.1 Affected: x12.5.2 Affected: x12.5.3 Affected: x12.5.4 Affected: x12.5.5 Affected: x12.5.6 Affected: x12.5.7 Affected: x12.5.8 Affected: x12.5.9 Affected: x12.6.0 Affected: x12.6.1 Affected: x12.6.2 Affected: x12.6.3 Affected: x12.6.4 Affected: x12.7.0 Affected: x12.7.1 Affected: x14.0.0 Affected: x14.0.1 Affected: x14.0.2 Affected: x14.0.3 Affected: x14.0.4 Affected: x14.0.5 Affected: x14.0.6 Affected: x14.0.7 Affected: x14.0.8 Affected: x8.10.0 Affected: x8.10.1 Affected: x8.10.2 Affected: x8.10.3 Affected: x8.10.4 Affected: x8.1.1 Affected: x8.11.0 Affected: x8.11.1 Affected: x8.11.2 Affected: x8.11.3 Affected: x8.11.4 Affected: x8.2 Affected: x8.2.2 Affected: x8.5 Affected: x8.5.1 Affected: x8.5.3 Affected: x8.6 Affected: x8.6.1 Affected: x8.7 Affected: x8.7.1 Affected: x8.7.2 Affected: x8.7.3 Affected: x8.8 Affected: x8.8.1 Affected: x8.8.2 Affected: x8.8.3 Affected: x8.9 Affected: x8.9.1 Affected: x8.9.2 Affected: x8.1 Affected: x8.1.2 Affected: x8.2.1 Affected: x8.5.2 cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "telepresence_video_communication_server_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "x12.5.0"
},
{
"status": "affected",
"version": "x12.5.1"
},
{
"status": "affected",
"version": "x12.5.2"
},
{
"status": "affected",
"version": "x12.5.3"
},
{
"status": "affected",
"version": "x12.5.4"
},
{
"status": "affected",
"version": "x12.5.5"
},
{
"status": "affected",
"version": "x12.5.6"
},
{
"status": "affected",
"version": "x12.5.7"
},
{
"status": "affected",
"version": "x12.5.8"
},
{
"status": "affected",
"version": "x12.5.9"
},
{
"status": "affected",
"version": "x12.6.0"
},
{
"status": "affected",
"version": "x12.6.1"
},
{
"status": "affected",
"version": "x12.6.2"
},
{
"status": "affected",
"version": "x12.6.3"
},
{
"status": "affected",
"version": "x12.6.4"
},
{
"status": "affected",
"version": "x12.7.0"
},
{
"status": "affected",
"version": "x12.7.1"
},
{
"status": "affected",
"version": "x14.0.0"
},
{
"status": "affected",
"version": "x14.0.1"
},
{
"status": "affected",
"version": "x14.0.2"
},
{
"status": "affected",
"version": "x14.0.3"
},
{
"status": "affected",
"version": "x14.0.4"
},
{
"status": "affected",
"version": "x14.0.5"
},
{
"status": "affected",
"version": "x14.0.6"
},
{
"status": "affected",
"version": "x14.0.7"
},
{
"status": "affected",
"version": "x14.0.8"
},
{
"status": "affected",
"version": "x8.10.0"
},
{
"status": "affected",
"version": "x8.10.1"
},
{
"status": "affected",
"version": "x8.10.2"
},
{
"status": "affected",
"version": "x8.10.3"
},
{
"status": "affected",
"version": "x8.10.4"
},
{
"status": "affected",
"version": "x8.1.1"
},
{
"status": "affected",
"version": "x8.11.0"
},
{
"status": "affected",
"version": "x8.11.1"
},
{
"status": "affected",
"version": "x8.11.2"
},
{
"status": "affected",
"version": "x8.11.3"
},
{
"status": "affected",
"version": "x8.11.4"
},
{
"status": "affected",
"version": "x8.2"
},
{
"status": "affected",
"version": "x8.2.2"
},
{
"status": "affected",
"version": "x8.5"
},
{
"status": "affected",
"version": "x8.5.1"
},
{
"status": "affected",
"version": "x8.5.3"
},
{
"status": "affected",
"version": "x8.6"
},
{
"status": "affected",
"version": "x8.6.1"
},
{
"status": "affected",
"version": "x8.7"
},
{
"status": "affected",
"version": "x8.7.1"
},
{
"status": "affected",
"version": "x8.7.2"
},
{
"status": "affected",
"version": "x8.7.3"
},
{
"status": "affected",
"version": "x8.8"
},
{
"status": "affected",
"version": "x8.8.1"
},
{
"status": "affected",
"version": "x8.8.2"
},
{
"status": "affected",
"version": "x8.8.3"
},
{
"status": "affected",
"version": "x8.9"
},
{
"status": "affected",
"version": "x8.9.1"
},
{
"status": "affected",
"version": "x8.9.2"
},
{
"status": "affected",
"version": "x8.1"
},
{
"status": "affected",
"version": "x8.1.2"
},
{
"status": "affected",
"version": "x8.2.1"
},
{
"status": "affected",
"version": "x8.5.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:23:20.814823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T16:49:00.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco TelePresence Video Communication Server (VCS) Expressway",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "X8.11.2"
},
{
"status": "affected",
"version": "X8.6"
},
{
"status": "affected",
"version": "X8.11.3"
},
{
"status": "affected",
"version": "X8.2.2"
},
{
"status": "affected",
"version": "X8.8.3"
},
{
"status": "affected",
"version": "X8.11.0"
},
{
"status": "affected",
"version": "X12.5.2"
},
{
"status": "affected",
"version": "X8.1.1"
},
{
"status": "affected",
"version": "X8.9"
},
{
"status": "affected",
"version": "X12.5.1"
},
{
"status": "affected",
"version": "X12.5.6"
},
{
"status": "affected",
"version": "X8.7.3"
},
{
"status": "affected",
"version": "X12.6.0"
},
{
"status": "affected",
"version": "X8.11.1"
},
{
"status": "affected",
"version": "X8.5"
},
{
"status": "affected",
"version": "X8.9.1"
},
{
"status": "affected",
"version": "X8.10.2"
},
{
"status": "affected",
"version": "X8.8.2"
},
{
"status": "affected",
"version": "X8.5.3"
},
{
"status": "affected",
"version": "X8.1"
},
{
"status": "affected",
"version": "X8.9.2"
},
{
"status": "affected",
"version": "X8.11.4"
},
{
"status": "affected",
"version": "X12.5.4"
},
{
"status": "affected",
"version": "X8.8.1"
},
{
"status": "affected",
"version": "X8.2.1"
},
{
"status": "affected",
"version": "X8.5.1"
},
{
"status": "affected",
"version": "X8.6.1"
},
{
"status": "affected",
"version": "X8.1.2"
},
{
"status": "affected",
"version": "X8.8"
},
{
"status": "affected",
"version": "X8.10.0"
},
{
"status": "affected",
"version": "X12.5.3"
},
{
"status": "affected",
"version": "X8.10.1"
},
{
"status": "affected",
"version": "X12.5.7"
},
{
"status": "affected",
"version": "X8.10.3"
},
{
"status": "affected",
"version": "X8.7.1"
},
{
"status": "affected",
"version": "X8.2"
},
{
"status": "affected",
"version": "X12.5.8"
},
{
"status": "affected",
"version": "X8.7"
},
{
"status": "affected",
"version": "X8.5.2"
},
{
"status": "affected",
"version": "X12.5.9"
},
{
"status": "affected",
"version": "X12.5.0"
},
{
"status": "affected",
"version": "X8.10.4"
},
{
"status": "affected",
"version": "X8.7.2"
},
{
"status": "affected",
"version": "X12.5.5"
},
{
"status": "affected",
"version": "X12.6.1"
},
{
"status": "affected",
"version": "X12.6.2"
},
{
"status": "affected",
"version": "X12.6.3"
},
{
"status": "affected",
"version": "X12.6.4"
},
{
"status": "affected",
"version": "X12.7.0"
},
{
"status": "affected",
"version": "X12.7.1"
},
{
"status": "affected",
"version": "X14.0.0"
},
{
"status": "affected",
"version": "X14.0.1"
},
{
"status": "affected",
"version": "X14.0.2"
},
{
"status": "affected",
"version": "X14.0.3"
},
{
"status": "affected",
"version": "X14.0.4"
},
{
"status": "affected",
"version": "X14.0.5"
},
{
"status": "affected",
"version": "X14.0.6"
},
{
"status": "affected",
"version": "X14.0.7"
},
{
"status": "affected",
"version": "X14.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the REST API of Cisco\u0026nbsp;Expressway Series and Cisco\u0026nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\u0026nbsp;"
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:27:23.911Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-expressway-csrf-sqpsSfY6",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttention\u003c/strong\u003e: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see \u003ca href=\"https://www.cisco.com/c/en/us/products/security/secure-names.html\"\u003eMeet Cisco\u0026nbsp;Secure",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"
}
],
"source": {
"advisory": "cisco-sa-expressway-csrf-sqpsSfY6",
"defects": [
"CSCwa25097"
],
"discovery": "INTERNAL"
},
"title": "Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20853",
"datePublished": "2024-11-15T15:27:23.911Z",
"dateReserved": "2021-11-02T13:28:29.180Z",
"dateUpdated": "2024-11-15T16:49:00.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-20853",
"date": "2026-06-30",
"epss": "0.00615",
"percentile": "0.44941"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-20853\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2024-11-15T16:15:23.540\",\"lastModified\":\"2026-06-17T04:25:15.623\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the REST API of Cisco\u0026nbsp;Expressway Series and Cisco\u0026nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\\r\\n\\r\\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.\\r\\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\u0026nbsp;\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la API REST de Cisco Expressway Series y Cisco TelePresence VCS podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de Cross-Site Request Forgery (CSRF) en un sistema afectado. Esta vulnerabilidad se debe a que no hay suficientes protecciones CSRF para la interfaz de administraci\u00f3n basada en web de un sistema afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario de la API REST para que siga un enlace manipulado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el sistema afectado se recargue. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad.\"}],\"affected\":[{\"source\":\"psirt@cisco.com\",\"affectedData\":[{\"vendor\":\"Cisco\",\"product\":\"Cisco TelePresence Video Communication Server (VCS) Expressway\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"X8.11.2\",\"status\":\"affected\"},{\"version\":\"X8.6\",\"status\":\"affected\"},{\"version\":\"X8.11.3\",\"status\":\"affected\"},{\"version\":\"X8.2.2\",\"status\":\"affected\"},{\"version\":\"X8.8.3\",\"status\":\"affected\"},{\"version\":\"X8.11.0\",\"status\":\"affected\"},{\"version\":\"X12.5.2\",\"status\":\"affected\"},{\"version\":\"X8.1.1\",\"status\":\"affected\"},{\"version\":\"X8.9\",\"status\":\"affected\"},{\"version\":\"X12.5.1\",\"status\":\"affected\"},{\"version\":\"X12.5.6\",\"status\":\"affected\"},{\"version\":\"X8.7.3\",\"status\":\"affected\"},{\"version\":\"X12.6.0\",\"status\":\"affected\"},{\"version\":\"X8.11.1\",\"status\":\"affected\"},{\"version\":\"X8.5\",\"status\":\"affected\"},{\"version\":\"X8.9.1\",\"status\":\"affected\"},{\"version\":\"X8.10.2\",\"status\":\"affected\"},{\"version\":\"X8.8.2\",\"status\":\"affected\"},{\"version\":\"X8.5.3\",\"status\":\"affected\"},{\"version\":\"X8.1\",\"status\":\"affected\"},{\"version\":\"X8.9.2\",\"status\":\"affected\"},{\"version\":\"X8.11.4\",\"status\":\"affected\"},{\"version\":\"X12.5.4\",\"status\":\"affected\"},{\"version\":\"X8.8.1\",\"status\":\"affected\"},{\"version\":\"X8.2.1\",\"status\":\"affected\"},{\"version\":\"X8.5.1\",\"status\":\"affected\"},{\"version\":\"X8.6.1\",\"status\":\"affected\"},{\"version\":\"X8.1.2\",\"status\":\"affected\"},{\"version\":\"X8.8\",\"status\":\"affected\"},{\"version\":\"X8.10.0\",\"status\":\"affected\"},{\"version\":\"X12.5.3\",\"status\":\"affected\"},{\"version\":\"X8.10.1\",\"status\":\"affected\"},{\"version\":\"X12.5.7\",\"status\":\"affected\"},{\"version\":\"X8.10.3\",\"status\":\"affected\"},{\"version\":\"X8.7.1\",\"status\":\"affected\"},{\"version\":\"X8.2\",\"status\":\"affected\"},{\"version\":\"X12.5.8\",\"status\":\"affected\"},{\"version\":\"X8.7\",\"status\":\"affected\"},{\"version\":\"X8.5.2\",\"status\":\"affected\"},{\"version\":\"X12.5.9\",\"status\":\"affected\"},{\"version\":\"X12.5.0\",\"status\":\"affected\"},{\"version\":\"X8.10.4\",\"status\":\"affected\"},{\"version\":\"X8.7.2\",\"status\":\"affected\"},{\"version\":\"X12.5.5\",\"status\":\"affected\"},{\"version\":\"X12.6.1\",\"status\":\"affected\"},{\"version\":\"X12.6.2\",\"status\":\"affected\"},{\"version\":\"X12.6.3\",\"status\":\"affected\"},{\"version\":\"X12.6.4\",\"status\":\"affected\"},{\"version\":\"X12.7.0\",\"status\":\"affected\"},{\"version\":\"X12.7.1\",\"status\":\"affected\"},{\"version\":\"X14.0.0\",\"status\":\"affected\"},{\"version\":\"X14.0.1\",\"status\":\"affected\"},{\"version\":\"X14.0.2\",\"status\":\"affected\"},{\"version\":\"X14.0.3\",\"status\":\"affected\"},{\"version\":\"X14.0.4\",\"status\":\"affected\"},{\"version\":\"X14.0.5\",\"status\":\"affected\"},{\"version\":\"X14.0.6\",\"status\":\"affected\"},{\"version\":\"X14.0.7\",\"status\":\"affected\"},{\"version\":\"X14.0.8\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"cisco\",\"product\":\"telepresence_video_communication_server_software\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:*\",\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"x12.5.0\",\"status\":\"affected\"},{\"version\":\"x12.5.1\",\"status\":\"affected\"},{\"version\":\"x12.5.2\",\"status\":\"affected\"},{\"version\":\"x12.5.3\",\"status\":\"affected\"},{\"version\":\"x12.5.4\",\"status\":\"affected\"},{\"version\":\"x12.5.5\",\"status\":\"affected\"},{\"version\":\"x12.5.6\",\"status\":\"affected\"},{\"version\":\"x12.5.7\",\"status\":\"affected\"},{\"version\":\"x12.5.8\",\"status\":\"affected\"},{\"version\":\"x12.5.9\",\"status\":\"affected\"},{\"version\":\"x12.6.0\",\"status\":\"affected\"},{\"version\":\"x12.6.1\",\"status\":\"affected\"},{\"version\":\"x12.6.2\",\"status\":\"affected\"},{\"version\":\"x12.6.3\",\"status\":\"affected\"},{\"version\":\"x12.6.4\",\"status\":\"affected\"},{\"version\":\"x12.7.0\",\"status\":\"affected\"},{\"version\":\"x12.7.1\",\"status\":\"affected\"},{\"version\":\"x14.0.0\",\"status\":\"affected\"},{\"version\":\"x14.0.1\",\"status\":\"affected\"},{\"version\":\"x14.0.2\",\"status\":\"affected\"},{\"version\":\"x14.0.3\",\"status\":\"affected\"},{\"version\":\"x14.0.4\",\"status\":\"affected\"},{\"version\":\"x14.0.5\",\"status\":\"affected\"},{\"version\":\"x14.0.6\",\"status\":\"affected\"},{\"version\":\"x14.0.7\",\"status\":\"affected\"},{\"version\":\"x14.0.8\",\"status\":\"affected\"},{\"version\":\"x8.10.0\",\"status\":\"affected\"},{\"version\":\"x8.10.1\",\"status\":\"affected\"},{\"version\":\"x8.10.2\",\"status\":\"affected\"},{\"version\":\"x8.10.3\",\"status\":\"affected\"},{\"version\":\"x8.10.4\",\"status\":\"affected\"},{\"version\":\"x8.1.1\",\"status\":\"affected\"},{\"version\":\"x8.11.0\",\"status\":\"affected\"},{\"version\":\"x8.11.1\",\"status\":\"affected\"},{\"version\":\"x8.11.2\",\"status\":\"affected\"},{\"version\":\"x8.11.3\",\"status\":\"affected\"},{\"version\":\"x8.11.4\",\"status\":\"affected\"},{\"version\":\"x8.2\",\"status\":\"affected\"},{\"version\":\"x8.2.2\",\"status\":\"affected\"},{\"version\":\"x8.5\",\"status\":\"affected\"},{\"version\":\"x8.5.1\",\"status\":\"affected\"},{\"version\":\"x8.5.3\",\"status\":\"affected\"},{\"version\":\"x8.6\",\"status\":\"affected\"},{\"version\":\"x8.6.1\",\"status\":\"affected\"},{\"version\":\"x8.7\",\"status\":\"affected\"},{\"version\":\"x8.7.1\",\"status\":\"affected\"},{\"version\":\"x8.7.2\",\"status\":\"affected\"},{\"version\":\"x8.7.3\",\"status\":\"affected\"},{\"version\":\"x8.8\",\"status\":\"affected\"},{\"version\":\"x8.8.1\",\"status\":\"affected\"},{\"version\":\"x8.8.2\",\"status\":\"affected\"},{\"version\":\"x8.8.3\",\"status\":\"affected\"},{\"version\":\"x8.9\",\"status\":\"affected\"},{\"version\":\"x8.9.1\",\"status\":\"affected\"},{\"version\":\"x8.9.2\",\"status\":\"affected\"},{\"version\":\"x8.1\",\"status\":\"affected\"},{\"version\":\"x8.1.2\",\"status\":\"affected\"},{\"version\":\"x8.2.1\",\"status\":\"affected\"},{\"version\":\"x8.5.2\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-11-15T16:23:20.814823Z\",\"id\":\"CVE-2022-20853\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"73A2A365-59AA-48B9-9ABF-914C2B80C7A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"98BDD88B-DF43-4F7C-A6C0-1EECE9C85355\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"BE860BF8-AC42-4C10-BC65-9DBF8050E682\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"C03A7AEA-8411-4693-84A9-7ADC7F08D87C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"0D98AE26-55C9-4BA7-B82C-5B328E689418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"D50E9F77-0575-43E0-AF83-9A932F4D4F73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"9F91E793-E37D-4823-B078-DA96AB422967\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"3F16B185-879A-4BA8-B4EB-B032FC8B9674\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"5D58C2C4-F0CB-440A-885A-173DC9B5D32F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"95FC0285-58F4-4C17-9DB0-0A495A7FE9BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"E9BB8E50-74EF-4726-A069-C90B09201593\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"8AEF5B51-8609-40D8-A01B-6696B012FCB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"C0DCF6AA-84C1-4B1A-80B0-6942707D9CAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"1590C980-506C-4689-AA91-6C647CC3AF28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"4E9D0839-13E1-4C95-AFEF-3071A977AB5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"6E714552-FDEF-4971-959F-3615E34E6F5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"20A5441C-7798-4EAD-9428-6DA4EF354807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"1BE2198F-DF53-497E-9945-062ADD3787F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"0D7C383F-30E2-4F22-B35D-B73671D1BBCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"B478B2B7-269C-4813-A004-225D90715A08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"CBEB2506-7F1B-4227-B5BD-47B28778D7AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"A000BA48-4ABC-46D4-89EB-CEA8D754B708\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"66CBF53D-4174-463A-B902-E50FF63E39B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"BFFD53C6-D23A-4CEC-AD1C-7D6A8B920566\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"F642A732-BA7E-493F-BE62-273997AF3328\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"76688320-EE54-4662-BE15-F721EA55D5D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"7C3B3879-FCDF-4D12-9B81-24EC70FF6CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"F0B562E3-5E36-4899-A57A-90E653737B09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"EA6FF488-FBED-40E6-92CC-39B8749171C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"F84981B5-0E55-40D6-92F9-57C03A24A44A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"A9A37F14-5F65-4C99-A0E2-EACABEDF2286\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"6F7DC504-15CA-4D44-90E5-5684F474A7A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"36BD629F-0183-41C2-9547-08EAE359BD00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"26301BB9-38C0-473F-9FAF-E5DF70E29A36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"29C38DD2-E763-4B59-83C7-050D08D91637\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"684A39DB-7850-4932-922D-9E7A62FC608A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"81B09C18-F930-4B67-8309-7FA0889039C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"E172DA2A-37B4-4387-AE92-0F0D4F60F736\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"D09EB9B0-5212-4E32-95E9-93BEC53B4AA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"2221FF76-F13A-4E8D-88EB-2757AB6DCDCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"FBEE5E76-A827-4031-B1C1-4961C277C5F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"156F7D5E-DC54-4687-B80F-3281C779135F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"8BDFCFC1-8230-4051-9B5D-73349C288E46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"98E3BF27-037E-474F-B55A-12750943499D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"9F2CF11F-735B-458F-9F2F-8E2322FC39DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"22089B78-2048-4192-826B-76AA3FAE7E22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"C826FD6A-948C-4B09-8061-E800BD6E1963\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"2CE43D3E-BC2F-4CBC-8213-13028B88B1B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"60DF84F3-B71E-4860-A6B7-61AB5D201702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"06852E84-8BEC-403D-BB70-07A4F51054E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"EDDF2FE3-585A-4A3D-9E14-A8AE02301223\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"6C6A62AC-7214-4FB0-A2C9-82BDEE6D7C7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"7090851D-B154-435B-8F25-06E365334D68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"D1A6AB08-E97C-4865-B225-0EA77AA73366\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"0EE6F371-C8E2-4B4E-855E-882395C02801\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"711A5AE8-087C-4471-BA1B-C3B70EED1427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"4B0339D9-9CA8-4376-A60B-94429B993E80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"3AA3FAD1-7F25-4D57-AA14-822CDE7FE0FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"9F656226-EAB4-4B9D-965B-872FA62BDA26\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Not Applicable\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-20853\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-15T16:23:20.814823Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"telepresence_video_communication_server_software\", \"versions\": [{\"status\": \"affected\", \"version\": \"x12.5.0\"}, {\"status\": \"affected\", \"version\": \"x12.5.1\"}, {\"status\": \"affected\", \"version\": \"x12.5.2\"}, {\"status\": \"affected\", \"version\": \"x12.5.3\"}, {\"status\": \"affected\", \"version\": \"x12.5.4\"}, {\"status\": \"affected\", \"version\": \"x12.5.5\"}, {\"status\": \"affected\", \"version\": \"x12.5.6\"}, {\"status\": \"affected\", \"version\": \"x12.5.7\"}, {\"status\": \"affected\", \"version\": \"x12.5.8\"}, {\"status\": \"affected\", \"version\": \"x12.5.9\"}, {\"status\": \"affected\", \"version\": \"x12.6.0\"}, {\"status\": \"affected\", \"version\": \"x12.6.1\"}, {\"status\": \"affected\", \"version\": \"x12.6.2\"}, {\"status\": \"affected\", \"version\": \"x12.6.3\"}, {\"status\": \"affected\", \"version\": \"x12.6.4\"}, {\"status\": \"affected\", \"version\": \"x12.7.0\"}, {\"status\": \"affected\", \"version\": \"x12.7.1\"}, {\"status\": \"affected\", \"version\": \"x14.0.0\"}, {\"status\": \"affected\", \"version\": \"x14.0.1\"}, {\"status\": \"affected\", \"version\": \"x14.0.2\"}, {\"status\": \"affected\", \"version\": \"x14.0.3\"}, {\"status\": \"affected\", \"version\": \"x14.0.4\"}, {\"status\": \"affected\", \"version\": \"x14.0.5\"}, {\"status\": \"affected\", \"version\": \"x14.0.6\"}, {\"status\": \"affected\", \"version\": \"x14.0.7\"}, {\"status\": \"affected\", \"version\": \"x14.0.8\"}, {\"status\": \"affected\", \"version\": \"x8.10.0\"}, {\"status\": \"affected\", \"version\": \"x8.10.1\"}, {\"status\": \"affected\", \"version\": \"x8.10.2\"}, {\"status\": \"affected\", \"version\": \"x8.10.3\"}, {\"status\": \"affected\", \"version\": \"x8.10.4\"}, {\"status\": \"affected\", \"version\": \"x8.1.1\"}, {\"status\": \"affected\", \"version\": \"x8.11.0\"}, {\"status\": \"affected\", \"version\": \"x8.11.1\"}, {\"status\": \"affected\", \"version\": \"x8.11.2\"}, {\"status\": \"affected\", \"version\": \"x8.11.3\"}, {\"status\": \"affected\", \"version\": \"x8.11.4\"}, {\"status\": \"affected\", \"version\": \"x8.2\"}, {\"status\": \"affected\", \"version\": \"x8.2.2\"}, {\"status\": \"affected\", \"version\": \"x8.5\"}, {\"status\": \"affected\", \"version\": \"x8.5.1\"}, {\"status\": \"affected\", \"version\": \"x8.5.3\"}, {\"status\": \"affected\", \"version\": \"x8.6\"}, {\"status\": \"affected\", \"version\": \"x8.6.1\"}, {\"status\": \"affected\", \"version\": \"x8.7\"}, {\"status\": \"affected\", \"version\": \"x8.7.1\"}, {\"status\": \"affected\", \"version\": \"x8.7.2\"}, {\"status\": \"affected\", \"version\": \"x8.7.3\"}, {\"status\": \"affected\", \"version\": \"x8.8\"}, {\"status\": \"affected\", \"version\": \"x8.8.1\"}, {\"status\": \"affected\", \"version\": \"x8.8.2\"}, {\"status\": \"affected\", \"version\": \"x8.8.3\"}, {\"status\": \"affected\", \"version\": \"x8.9\"}, {\"status\": \"affected\", \"version\": \"x8.9.1\"}, {\"status\": \"affected\", \"version\": \"x8.9.2\"}, {\"status\": \"affected\", \"version\": \"x8.1\"}, {\"status\": \"affected\", \"version\": \"x8.1.2\"}, {\"status\": \"affected\", \"version\": \"x8.2.1\"}, {\"status\": \"affected\", \"version\": \"x8.5.2\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-15T16:48:54.526Z\"}}], \"cna\": {\"title\": \"Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability\", \"source\": {\"defects\": [\"CSCwa25097\"], \"advisory\": \"cisco-sa-expressway-csrf-sqpsSfY6\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco TelePresence Video Communication Server (VCS) Expressway\", \"versions\": [{\"status\": \"affected\", \"version\": \"X8.11.2\"}, {\"status\": \"affected\", \"version\": \"X8.6\"}, {\"status\": \"affected\", \"version\": \"X8.11.3\"}, {\"status\": \"affected\", \"version\": \"X8.2.2\"}, {\"status\": \"affected\", \"version\": \"X8.8.3\"}, {\"status\": \"affected\", \"version\": \"X8.11.0\"}, {\"status\": \"affected\", \"version\": \"X12.5.2\"}, {\"status\": \"affected\", \"version\": \"X8.1.1\"}, {\"status\": \"affected\", \"version\": \"X8.9\"}, {\"status\": \"affected\", \"version\": \"X12.5.1\"}, {\"status\": \"affected\", \"version\": \"X12.5.6\"}, {\"status\": \"affected\", \"version\": \"X8.7.3\"}, {\"status\": \"affected\", \"version\": \"X12.6.0\"}, {\"status\": \"affected\", \"version\": \"X8.11.1\"}, {\"status\": \"affected\", \"version\": \"X8.5\"}, {\"status\": \"affected\", \"version\": \"X8.9.1\"}, {\"status\": \"affected\", \"version\": \"X8.10.2\"}, {\"status\": \"affected\", \"version\": \"X8.8.2\"}, {\"status\": \"affected\", \"version\": \"X8.5.3\"}, {\"status\": \"affected\", \"version\": \"X8.1\"}, {\"status\": \"affected\", \"version\": \"X8.9.2\"}, {\"status\": \"affected\", \"version\": \"X8.11.4\"}, {\"status\": \"affected\", \"version\": \"X12.5.4\"}, {\"status\": \"affected\", \"version\": \"X8.8.1\"}, {\"status\": \"affected\", \"version\": \"X8.2.1\"}, {\"status\": \"affected\", \"version\": \"X8.5.1\"}, {\"status\": \"affected\", \"version\": \"X8.6.1\"}, {\"status\": \"affected\", \"version\": \"X8.1.2\"}, {\"status\": \"affected\", \"version\": \"X8.8\"}, {\"status\": \"affected\", \"version\": \"X8.10.0\"}, {\"status\": \"affected\", \"version\": \"X12.5.3\"}, {\"status\": \"affected\", \"version\": \"X8.10.1\"}, {\"status\": \"affected\", \"version\": \"X12.5.7\"}, {\"status\": \"affected\", \"version\": \"X8.10.3\"}, {\"status\": \"affected\", \"version\": \"X8.7.1\"}, {\"status\": \"affected\", \"version\": \"X8.2\"}, {\"status\": \"affected\", \"version\": \"X12.5.8\"}, {\"status\": \"affected\", \"version\": \"X8.7\"}, {\"status\": \"affected\", \"version\": \"X8.5.2\"}, {\"status\": \"affected\", \"version\": \"X12.5.9\"}, {\"status\": \"affected\", \"version\": \"X12.5.0\"}, {\"status\": \"affected\", \"version\": \"X8.10.4\"}, {\"status\": \"affected\", \"version\": \"X8.7.2\"}, {\"status\": \"affected\", \"version\": \"X12.5.5\"}, {\"status\": \"affected\", \"version\": \"X12.6.1\"}, {\"status\": \"affected\", \"version\": \"X12.6.2\"}, {\"status\": \"affected\", \"version\": \"X12.6.3\"}, {\"status\": \"affected\", \"version\": \"X12.6.4\"}, {\"status\": \"affected\", \"version\": \"X12.7.0\"}, {\"status\": \"affected\", \"version\": \"X12.7.1\"}, {\"status\": \"affected\", \"version\": \"X14.0.0\"}, {\"status\": \"affected\", \"version\": \"X14.0.1\"}, {\"status\": \"affected\", \"version\": \"X14.0.2\"}, {\"status\": \"affected\", \"version\": \"X14.0.3\"}, {\"status\": \"affected\", \"version\": \"X14.0.4\"}, {\"status\": \"affected\", \"version\": \"X14.0.5\"}, {\"status\": \"affected\", \"version\": \"X14.0.6\"}, {\"status\": \"affected\", \"version\": \"X14.0.7\"}, {\"status\": \"affected\", \"version\": \"X14.0.8\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco\\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6\", \"name\": \"cisco-sa-expressway-csrf-sqpsSfY6\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttention\u003c/strong\u003e: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see \u003ca href=\\\"https://www.cisco.com/c/en/us/products/security/secure-names.html\\\"\u003eMeet Cisco\u0026nbsp;Secure\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the REST API of Cisco\u0026nbsp;Expressway Series and Cisco\u0026nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\\r\\n\\r\\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.\\r\\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\u0026nbsp;\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-352\", \"description\": \"Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-11-15T15:27:23.911Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-20853\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-15T16:49:00.733Z\", \"dateReserved\": \"2021-11-02T13:28:29.180Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-11-15T15:27:23.911Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…