Sign-up

ID

VAR-202205-1535


CVE

CVE-2022-20807


TITLE

Cisco Expressway Series  and  Cisco TelePresence Video Communication Server  Vulnerability regarding information leakage from log files in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011225

DESCRIPTION

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Expressway Series is a software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping remote workers work more efficiently on the device of their choice. An attacker could exploit this vulnerability to retrieve files from the local system, resulting in the disclosure of sensitive information on the affected system. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV

Trust: 1.8

sources: NVD: CVE-2022-20807 // JVNDB: JVNDB-2022-011225 // VULHUB: VHN-405360 // VULMON: CVE-2022-20807

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence video communication serverscope:lteversion:x14.0.7

Trust: 1.0

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco telepresence video communication server ソフトウェアscope:eqversion:cisco telepresence video communication server software

Trust: 0.8

sources: JVNDB: JVNDB-2022-011225 // NVD: CVE-2022-20807

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-20807
value: MEDIUM

Trust: 1.8

ykramarz@cisco.com: CVE-2022-20807
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202205-3723
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405360
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2022-20807
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-405360
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com:
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-20807
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405360 // JVNDB: JVNDB-2022-011225 // NVD: CVE-2022-20807 // NVD: CVE-2022-20807 // CNNVD: CNNVD-202205-3723

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.1

problemtype:Information leakage from log files (CWE-532) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405360 // JVNDB: JVNDB-2022-011225 // NVD: CVE-2022-20807

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3723

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202205-3723

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-20807

PATCH
title:cisco-sa-expressway-filewrite-bsFVwueVurl:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-expressway-filewrite-bsfvwuev
Trust: 0.8
title:Cisco Expressway Series  and  TelePresence Video Communication Server Repair measures for log information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=195510
Trust: 0.6
title:Cisco: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-expressway-filewrite-bsfvwuev
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-20807 // 
            
            
            
            JVNDB: JVNDB-2022-011225 // 
            
            
            
            CNNVD: CNNVD-202205-3723

EXTERNAL IDS
db:NVDid:CVE-2022-20807
Trust: 3.4
db:JVNDBid:JVNDB-2022-011225
Trust: 0.8
db:CNNVDid:CNNVD-202205-3723
Trust: 0.7
db:CS-HELPid:SB2022051906
Trust: 0.6
db:VULHUBid:VHN-405360
Trust: 0.1
db:VULMONid:CVE-2022-20807
Trust: 0.1
sources:
            
            
            VULHUB: VHN-405360 // 
            
            
            
            VULMON: CVE-2022-20807 // 
            
            
            
            JVNDB: JVNDB-2022-011225 // 
            
            
            
            NVD: CVE-2022-20807 // 
            
            
            
            CNNVD: CNNVD-202205-3723

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-expressway-filewrite-bsfvwuev
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2022-20807
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2022-20807/
Trust: 0.6
url:https://www.cybersecurity-help.cz/vdb/sb2022051906
Trust: 0.6
sources:
            
            
            VULHUB: VHN-405360 // 
            
            
            
            VULMON: CVE-2022-20807 // 
            
            
            
            JVNDB: JVNDB-2022-011225 // 
            
            
            
            NVD: CVE-2022-20807 // 
            
            
            
            CNNVD: CNNVD-202205-3723

SOURCES
db:VULHUBid:VHN-405360
db:VULMONid:CVE-2022-20807
db:JVNDBid:JVNDB-2022-011225
db:NVDid:CVE-2022-20807
db:CNNVDid:CNNVD-202205-3723

LAST UPDATE DATE
2023-12-18T13:22:23.291000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-405360date:2022-06-09T00:00:00
db:JVNDBid:JVNDB-2022-011225date:2023-08-21T05:40:00
db:NVDid:CVE-2022-20807date:2023-11-07T03:43:00.380
db:CNNVDid:CNNVD-202205-3723date:2022-06-10T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-405360date:2022-05-27T00:00:00
db:JVNDBid:JVNDB-2022-011225date:2023-08-21T00:00:00
db:NVDid:CVE-2022-20807date:2022-05-27T14:15:08.833
db:CNNVDid:CNNVD-202205-3723date:2022-05-18T00:00:00