CVE-2022-20812 The API and web-based interface of Cisco Expressway and VCS could be vulnerable to remote attackers overwriting arbitrary files or conducting null byte poisoning attacks.


The vulnerabilities are due to insufficient input validation of user-supplied inputs. An attacker could exploit these vulnerabilities to execute arbitrary code, obtain full control of an affected system, or upgrade the system to a vulnerable version. Cisco has released software updates to fix these vulnerabilities. End users who detect these attacks should immediately upgrade to the latest software versions.

Cisco has announced plans to discontinue the Cisco Expressway Series and Cisco TelePresence Video Communication Server. If you currently use these products, you should contact your vendor to evaluate the availability of updated versions. Cisco has also announced plans to discontinue Cisco TelePresence Interoperability Program (VTIPP) endpoints. If you currently use Cisco VTIPP endpoints, you should contact your vendor to evaluate the availability of updated versions. Cisco has announced plans to discontinue the Cisco TelePresence Management (TMS) software. If you currently use Cisco TMS, you should contact your vendor to evaluate the availability of updated versions. Cisco has announced plans to discontinue Cisco TelePresence Application Programming Interface (TEAP) specifications. If you currently use Cisco TEAP, you should contact your vendor to evaluate the availability of updated versions. Cisco has announced plans to discontinue Cisco TelePresence Device (TDD) specifications.

CVSS Matrix

Cisco has announced plans to discontinue five products, which include the Cisco Expressway Series and Cisco TelePresence Video Communication Server. This matrix provides a list of affected devices as well as the associated CVEs.

These announcements from Cisco mean that you must update your systems if you are using any Cisco products listed in this matrix.

CSCve64982: Cisco TelePresence Software

Denial of Service Vulnerabilities

Cisco has announced plans to discontinue Cisco TelePresence Software Denial of Service Vulnerabilities. If you currently use the product, you should contact your vendor to evaluate the availability of updated versions.

Vulnerable Products

Cisco has announced plans to discontinue the following products:

- Cisco Expressway Series
- Cisco TelePresence Video Communication Server

Vulnerable Products

- Cisco Expressway Series
- Cisco TelePresence Video Communication Server
- Cisco TelePresence Interoperability Program (VTIPP) endpoints
- Cisco TelePresence Management (TMS) software
- Cisco TEAP specifications
- Cisco TEAP endpoints
- Cisco TelePresence Device (TDD) specifications

Vulnerable products

The following are affected by these vulnerabilities: the Cisco Expressway Series and Cisco TelePresence Video Communication Server, the Cisco TelePresence Interoperability Program (VTIPP) endpoints, the Cisco TelePresence Management (TMS) software, the Cisco TEAP specifications, and the Cisco TelePresence Device (TDD) specifications.
