VDB
CVE-2022-20755
CVE-2022-20755
PUBLISHED
CVSS 9 CRITICAL
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory.
EPSS 3.27% · 87.4th percentile
Risk Scores
CVSS 3.1
9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
EPSS Score
3.27%
87.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | telepresence_video_communication_server | 0 |
| Cisco | Cisco TelePresence Video Communication Server (VCS) Expressway | * |
Exploit Intelligence
Timeline
- Mar 3, 2022 CVE Published
- Apr 9, 2022 EPSS Score
- Apr 15, 2022 EPSS Score
- May 29, 2022 EPSS Score
- Jul 20, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 6, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 29, 2023 EPSS Score
- May 18, 2023 EPSS Score
- Jul 7, 2023 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-20755 advisory