CVE-2022-20814
HIGH EPSS 55.1%
Published Nov 15, 20241y ago · Modified Jun 17, 20261w ago
7.4 CVSS 3.1
Published Nov 15, 2024 1y ago
Last Modified Jun 17, 2026 1w ago
Description
A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic. Note: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability None
Threat Intelligence
EPSS Exploit Probability
55.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-295
Affected Products 60
| Vendor | Product | Version | Range |
|---|---|---|---|
| cisco | telepresence_video_communication_server | x8.1 | any |
| cisco | telepresence_video_communication_server | x8.1.1 | any |
| cisco | telepresence_video_communication_server | x8.1.2 | any |
| cisco | telepresence_video_communication_server | x8.2 | any |
| cisco | telepresence_video_communication_server | x8.2.1 | any |
| cisco | telepresence_video_communication_server | x8.2.2 | any |
| cisco | telepresence_video_communication_server | x8.5 | any |
| cisco | telepresence_video_communication_server | x8.5.1 | any |
| cisco | telepresence_video_communication_server | x8.5.2 | any |
| cisco | telepresence_video_communication_server | x8.5.3 | any |
| cisco | telepresence_video_communication_server | x8.6 | any |
| cisco | telepresence_video_communication_server | x8.6.1 | any |
| cisco | telepresence_video_communication_server | x8.7 | any |
| cisco | telepresence_video_communication_server | x8.7.1 | any |
| cisco | telepresence_video_communication_server | x8.7.2 | any |
| cisco | telepresence_video_communication_server | x8.7.3 | any |
| cisco | telepresence_video_communication_server | x8.8 | any |
| cisco | telepresence_video_communication_server | x8.8.1 | any |
| cisco | telepresence_video_communication_server | x8.8.2 | any |
| cisco | telepresence_video_communication_server | x8.8.3 | any |
| cisco | telepresence_video_communication_server | x8.9 | any |
| cisco | telepresence_video_communication_server | x8.9.1 | any |
| cisco | telepresence_video_communication_server | x8.9.2 | any |
| cisco | telepresence_video_communication_server | x8.10.0 | any |
| cisco | telepresence_video_communication_server | x8.10.1 | any |
| cisco | telepresence_video_communication_server | x8.10.2 | any |
| cisco | telepresence_video_communication_server | x8.10.3 | any |
| cisco | telepresence_video_communication_server | x8.10.4 | any |
| cisco | telepresence_video_communication_server | x8.11.0 | any |
| cisco | telepresence_video_communication_server | x8.11.1 | any |
| cisco | telepresence_video_communication_server | x8.11.2 | any |
| cisco | telepresence_video_communication_server | x8.11.3 | any |
| cisco | telepresence_video_communication_server | x8.11.4 | any |
| cisco | telepresence_video_communication_server | x12.5.0 | any |
| cisco | telepresence_video_communication_server | x12.5.1 | any |
| cisco | telepresence_video_communication_server | x12.5.2 | any |
| cisco | telepresence_video_communication_server | x12.5.3 | any |
| cisco | telepresence_video_communication_server | x12.5.4 | any |
| cisco | telepresence_video_communication_server | x12.5.5 | any |
| cisco | telepresence_video_communication_server | x12.5.6 | any |
| cisco | telepresence_video_communication_server | x12.5.7 | any |
| cisco | telepresence_video_communication_server | x12.5.8 | any |
| cisco | telepresence_video_communication_server | x12.5.9 | any |
| cisco | telepresence_video_communication_server | x12.6.0 | any |
| cisco | telepresence_video_communication_server | x12.6.1 | any |
| cisco | telepresence_video_communication_server | x12.6.2 | any |
| cisco | telepresence_video_communication_server | x12.6.3 | any |
| cisco | telepresence_video_communication_server | x12.6.4 | any |
| cisco | telepresence_video_communication_server | x12.7.0 | any |
| cisco | telepresence_video_communication_server | x12.7.1 | any |
| cisco | telepresence_video_communication_server | x14.0.0 | any |
| cisco | telepresence_video_communication_server | x14.0.1 | any |
| cisco | telepresence_video_communication_server | x14.0.2 | any |
| cisco | telepresence_video_communication_server | x14.0.3 | any |
| cisco | telepresence_video_communication_server | x14.0.4 | any |
| cisco | telepresence_video_communication_server | x14.0.5 | any |
| cisco | telepresence_video_communication_server | x14.0.6 | any |
| cisco | telepresence_video_communication_server | x14.0.7 | any |
| cisco | telepresence_video_communication_server | x14.0.8 | any |
| cisco | telepresence_video_communication_server | x14.0.9 | any |
References 4
- sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6
- sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt
- sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6
- sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.