CVE-2022-20814

EPSS 0.12%
Veröffentlicht 15.11.2024 16:15:22
Zuletzt bearbeitet 31.07.2025 15:44:19
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnerability

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.  The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.
Note: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 60 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Telepresence Video Communication Server Versionx8.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.1.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.1.2 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.2 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.2.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.2.2 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.5 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.5.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.5.2 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.5.3 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.6 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.6.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.7 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.7.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.7.2 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.7.3 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.8 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.8.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.8.2 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.8.3 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.9 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.9.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.9.2 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.10.0 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.10.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.10.2 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.10.3 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.10.4 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.11.0 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.11.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.11.2 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.11.3 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx8.11.4 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.5.0 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.5.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.5.2 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.5.3 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.5.4 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.5.5 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.5.6 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.5.7 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.5.8 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.5.9 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.6.0 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.6.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.6.2 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.6.3 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.6.4 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.7.0 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx12.7.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx14.0.0 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx14.0.1 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx14.0.2 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx14.0.3 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx14.0.4 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx14.0.5 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx14.0.6 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx14.0.7 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx14.0.8 SwEditionexpressway

Cisco ≫ Telepresence Video Communication Server Versionx14.0.9 SwEditionexpressway

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.316

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt

Not Applicable

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6

Not Applicable

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2022-20814

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-20814

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-20814

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-20814