CVE-2022-20813

EPSS 0.09%
Veröffentlicht 06.07.2022 21:15:11
Zuletzt bearbeitet 21.11.2024 06:43:36
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Expressway Version < x14.0.7

Cisco ≫ Telepresence Video Communication Server Version < x14.0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.259

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
psirt@cisco.com	9	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

CWE-158 Improper Neutralization of Null Byte or NUL Character

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-20813

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-20813

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-20813

EUVD