Vulnerability-Lookup

BDU:2022-06331

Vulnerability from fstec - Published: 05.10.2022

Title

Description

Уязвимость веб-интерфейса управления микропрограммного обеспечения шлюзов Cisco Expressway и микропрограммного обеспечения устройств управления вызовами Cisco TelePresence Video Communication Server связана с подделкой межсайтовых запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, осуществить CSRF-атаку с помощью специально созданной вредоносной ссылки

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Vendor

Cisco Systems Inc.

Software Name

Cisco Expressway, TelePresence Video Communication Server

Software Version

до 14.0.9 (Cisco Expressway), до 14.0.9 (TelePresence Video Communication Server)

Possible Mitigations

Использование рекомендаций: https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-expressway-csrf-sqpsSfY6.html

Reference

https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-expressway-csrf-sqpsSfY6.html

CWE

CWE-352

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 14.0.9 (Cisco Expressway), \u0434\u043e 14.0.9 (TelePresence Video Communication Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-expressway-csrf-sqpsSfY6.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.10.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.10.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.10.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-06331",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-20853",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco Expressway, TelePresence Video Communication Server",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0448\u043b\u044e\u0437\u043e\u0432 Cisco Expressway \u0438 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u0437\u043e\u0432\u0430\u043c\u0438 Cisco TelePresence Video Communication Server, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c CSRF-\u0430\u0442\u0430\u043a\u0443",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0444\u0430\u043b\u044c\u0441\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (CWE-352)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0448\u043b\u044e\u0437\u043e\u0432 Cisco Expressway \u0438 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u0437\u043e\u0432\u0430\u043c\u0438 Cisco TelePresence Video Communication Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c CSRF-\u0430\u0442\u0430\u043a\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0441\u0441\u044b\u043b\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-expressway-csrf-sqpsSfY6.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-352",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,4)"
}

CVE-2022-20853 (GCVE-0-2022-20853)

Vulnerability from cvelistv5 – Published: 2024-11-15 15:27 – Updated: 2024-11-15 16:49

Title

Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability

Summary

A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

cisco

References

URL

Tags

	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco TelePresence Video Communication Server (VCS) Expressway	Affected: X8.11.2 Affected: X8.6 Affected: X8.11.3 Affected: X8.2.2 Affected: X8.8.3 Affected: X8.11.0 Affected: X12.5.2 Affected: X8.1.1 Affected: X8.9 Affected: X12.5.1 Affected: X12.5.6 Affected: X8.7.3 Affected: X12.6.0 Affected: X8.11.1 Affected: X8.5 Affected: X8.9.1 Affected: X8.10.2 Affected: X8.8.2 Affected: X8.5.3 Affected: X8.1 Affected: X8.9.2 Affected: X8.11.4 Affected: X12.5.4 Affected: X8.8.1 Affected: X8.2.1 Affected: X8.5.1 Affected: X8.6.1 Affected: X8.1.2 Affected: X8.8 Affected: X8.10.0 Affected: X12.5.3 Affected: X8.10.1 Affected: X12.5.7 Affected: X8.10.3 Affected: X8.7.1 Affected: X8.2 Affected: X12.5.8 Affected: X8.7 Affected: X8.5.2 Affected: X12.5.9 Affected: X12.5.0 Affected: X8.10.4 Affected: X8.7.2 Affected: X12.5.5 Affected: X12.6.1 Affected: X12.6.2 Affected: X12.6.3 Affected: X12.6.4 Affected: X12.7.0 Affected: X12.7.1 Affected: X14.0.0 Affected: X14.0.1 Affected: X14.0.2 Affected: X14.0.3 Affected: X14.0.4 Affected: X14.0.5 Affected: X14.0.6 Affected: X14.0.7 Affected: X14.0.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "telepresence_video_communication_server_software",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "x12.5.0"
              },
              {
                "status": "affected",
                "version": "x12.5.1"
              },
              {
                "status": "affected",
                "version": "x12.5.2"
              },
              {
                "status": "affected",
                "version": "x12.5.3"
              },
              {
                "status": "affected",
                "version": "x12.5.4"
              },
              {
                "status": "affected",
                "version": "x12.5.5"
              },
              {
                "status": "affected",
                "version": "x12.5.6"
              },
              {
                "status": "affected",
                "version": "x12.5.7"
              },
              {
                "status": "affected",
                "version": "x12.5.8"
              },
              {
                "status": "affected",
                "version": "x12.5.9"
              },
              {
                "status": "affected",
                "version": "x12.6.0"
              },
              {
                "status": "affected",
                "version": "x12.6.1"
              },
              {
                "status": "affected",
                "version": "x12.6.2"
              },
              {
                "status": "affected",
                "version": "x12.6.3"
              },
              {
                "status": "affected",
                "version": "x12.6.4"
              },
              {
                "status": "affected",
                "version": "x12.7.0"
              },
              {
                "status": "affected",
                "version": "x12.7.1"
              },
              {
                "status": "affected",
                "version": "x14.0.0"
              },
              {
                "status": "affected",
                "version": "x14.0.1"
              },
              {
                "status": "affected",
                "version": "x14.0.2"
              },
              {
                "status": "affected",
                "version": "x14.0.3"
              },
              {
                "status": "affected",
                "version": "x14.0.4"
              },
              {
                "status": "affected",
                "version": "x14.0.5"
              },
              {
                "status": "affected",
                "version": "x14.0.6"
              },
              {
                "status": "affected",
                "version": "x14.0.7"
              },
              {
                "status": "affected",
                "version": "x14.0.8"
              },
              {
                "status": "affected",
                "version": "x8.10.0"
              },
              {
                "status": "affected",
                "version": "x8.10.1"
              },
              {
                "status": "affected",
                "version": "x8.10.2"
              },
              {
                "status": "affected",
                "version": "x8.10.3"
              },
              {
                "status": "affected",
                "version": "x8.10.4"
              },
              {
                "status": "affected",
                "version": "x8.1.1"
              },
              {
                "status": "affected",
                "version": "x8.11.0"
              },
              {
                "status": "affected",
                "version": "x8.11.1"
              },
              {
                "status": "affected",
                "version": "x8.11.2"
              },
              {
                "status": "affected",
                "version": "x8.11.3"
              },
              {
                "status": "affected",
                "version": "x8.11.4"
              },
              {
                "status": "affected",
                "version": "x8.2"
              },
              {
                "status": "affected",
                "version": "x8.2.2"
              },
              {
                "status": "affected",
                "version": "x8.5"
              },
              {
                "status": "affected",
                "version": "x8.5.1"
              },
              {
                "status": "affected",
                "version": "x8.5.3"
              },
              {
                "status": "affected",
                "version": "x8.6"
              },
              {
                "status": "affected",
                "version": "x8.6.1"
              },
              {
                "status": "affected",
                "version": "x8.7"
              },
              {
                "status": "affected",
                "version": "x8.7.1"
              },
              {
                "status": "affected",
                "version": "x8.7.2"
              },
              {
                "status": "affected",
                "version": "x8.7.3"
              },
              {
                "status": "affected",
                "version": "x8.8"
              },
              {
                "status": "affected",
                "version": "x8.8.1"
              },
              {
                "status": "affected",
                "version": "x8.8.2"
              },
              {
                "status": "affected",
                "version": "x8.8.3"
              },
              {
                "status": "affected",
                "version": "x8.9"
              },
              {
                "status": "affected",
                "version": "x8.9.1"
              },
              {
                "status": "affected",
                "version": "x8.9.2"
              },
              {
                "status": "affected",
                "version": "x8.1"
              },
              {
                "status": "affected",
                "version": "x8.1.2"
              },
              {
                "status": "affected",
                "version": "x8.2.1"
              },
              {
                "status": "affected",
                "version": "x8.5.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20853",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:23:20.814823Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T16:49:00.733Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco TelePresence Video Communication Server (VCS) Expressway",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "X8.11.2"
            },
            {
              "status": "affected",
              "version": "X8.6"
            },
            {
              "status": "affected",
              "version": "X8.11.3"
            },
            {
              "status": "affected",
              "version": "X8.2.2"
            },
            {
              "status": "affected",
              "version": "X8.8.3"
            },
            {
              "status": "affected",
              "version": "X8.11.0"
            },
            {
              "status": "affected",
              "version": "X12.5.2"
            },
            {
              "status": "affected",
              "version": "X8.1.1"
            },
            {
              "status": "affected",
              "version": "X8.9"
            },
            {
              "status": "affected",
              "version": "X12.5.1"
            },
            {
              "status": "affected",
              "version": "X12.5.6"
            },
            {
              "status": "affected",
              "version": "X8.7.3"
            },
            {
              "status": "affected",
              "version": "X12.6.0"
            },
            {
              "status": "affected",
              "version": "X8.11.1"
            },
            {
              "status": "affected",
              "version": "X8.5"
            },
            {
              "status": "affected",
              "version": "X8.9.1"
            },
            {
              "status": "affected",
              "version": "X8.10.2"
            },
            {
              "status": "affected",
              "version": "X8.8.2"
            },
            {
              "status": "affected",
              "version": "X8.5.3"
            },
            {
              "status": "affected",
              "version": "X8.1"
            },
            {
              "status": "affected",
              "version": "X8.9.2"
            },
            {
              "status": "affected",
              "version": "X8.11.4"
            },
            {
              "status": "affected",
              "version": "X12.5.4"
            },
            {
              "status": "affected",
              "version": "X8.8.1"
            },
            {
              "status": "affected",
              "version": "X8.2.1"
            },
            {
              "status": "affected",
              "version": "X8.5.1"
            },
            {
              "status": "affected",
              "version": "X8.6.1"
            },
            {
              "status": "affected",
              "version": "X8.1.2"
            },
            {
              "status": "affected",
              "version": "X8.8"
            },
            {
              "status": "affected",
              "version": "X8.10.0"
            },
            {
              "status": "affected",
              "version": "X12.5.3"
            },
            {
              "status": "affected",
              "version": "X8.10.1"
            },
            {
              "status": "affected",
              "version": "X12.5.7"
            },
            {
              "status": "affected",
              "version": "X8.10.3"
            },
            {
              "status": "affected",
              "version": "X8.7.1"
            },
            {
              "status": "affected",
              "version": "X8.2"
            },
            {
              "status": "affected",
              "version": "X12.5.8"
            },
            {
              "status": "affected",
              "version": "X8.7"
            },
            {
              "status": "affected",
              "version": "X8.5.2"
            },
            {
              "status": "affected",
              "version": "X12.5.9"
            },
            {
              "status": "affected",
              "version": "X12.5.0"
            },
            {
              "status": "affected",
              "version": "X8.10.4"
            },
            {
              "status": "affected",
              "version": "X8.7.2"
            },
            {
              "status": "affected",
              "version": "X12.5.5"
            },
            {
              "status": "affected",
              "version": "X12.6.1"
            },
            {
              "status": "affected",
              "version": "X12.6.2"
            },
            {
              "status": "affected",
              "version": "X12.6.3"
            },
            {
              "status": "affected",
              "version": "X12.6.4"
            },
            {
              "status": "affected",
              "version": "X12.7.0"
            },
            {
              "status": "affected",
              "version": "X12.7.1"
            },
            {
              "status": "affected",
              "version": "X14.0.0"
            },
            {
              "status": "affected",
              "version": "X14.0.1"
            },
            {
              "status": "affected",
              "version": "X14.0.2"
            },
            {
              "status": "affected",
              "version": "X14.0.3"
            },
            {
              "status": "affected",
              "version": "X14.0.4"
            },
            {
              "status": "affected",
              "version": "X14.0.5"
            },
            {
              "status": "affected",
              "version": "X14.0.6"
            },
            {
              "status": "affected",
              "version": "X14.0.7"
            },
            {
              "status": "affected",
              "version": "X14.0.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the REST API of Cisco\u0026nbsp;Expressway Series and Cisco\u0026nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\u0026nbsp;"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T15:27:23.911Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-expressway-csrf-sqpsSfY6",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttention\u003c/strong\u003e: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see \u003ca href=\"https://www.cisco.com/c/en/us/products/security/secure-names.html\"\u003eMeet Cisco\u0026nbsp;Secure",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"
        }
      ],
      "source": {
        "advisory": "cisco-sa-expressway-csrf-sqpsSfY6",
        "defects": [
          "CSCwa25097"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20853",
    "datePublished": "2024-11-15T15:27:23.911Z",
    "dateReserved": "2021-11-02T13:28:29.180Z",
    "dateUpdated": "2024-11-15T16:49:00.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2022-06331

CVE-2022-20853 (GCVE-0-2022-20853)

Tags

Sightings

Nomenclature