VDB
CVE-2022-20853
CVE-2022-20853
PUBLISHED
CVSS 7.400000095367432 HIGH
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une élévation de privilèges, un déni de service à distance et une injection de requêtes illégitimes par rebond (CSRF).
EPSS 0.62% · 70.3th percentile
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
EPSS Score
0.62%
70.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | N/A | |
| Cisco | TelePresence VCS | |
| Cisco | Expressway Series | |
| cisco | telepresence_video_communication_server_software | x12.5.4, x12.5.6, x12.5.7 |
| Cisco | Cisco TelePresence Video Communication Server (VCS) Expressway | *, X8.11.2, X8.6 |
| cisco | telepresence_video_communication_server | x8.1, x8.1.1, x8.1.2 |
Exploit Intelligence
- cisco-sa-expressway-csrf-sqpsSfY6 (circl)
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU (circl)
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv (circl)
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8</a></p><p><strong>Attention</strong>: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see <a href="https://www.cisco.com/c/en/us/products/security/secure-names.html">Meet Cisco Secure (circl)
Timeline
- Oct 6, 2022 CVE Published
- Nov 16, 2024 EPSS Score
- Dec 5, 2024 EPSS Score
- Dec 22, 2024 EPSS Score
- Jan 9, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 13, 2025 EPSS Score
- Mar 3, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Apr 7, 2025 EPSS Score
- Apr 24, 2025 EPSS Score
- May 12, 2025 EPSS Score
References
- cisco-sa-expressway-csrf-sqpsSfY6 url
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU url
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv url
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8</a></p><p><strong>Attention</strong>: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see <a href="https://www.cisco.com/c/en/us/products/security/secure-names.html">Meet Cisco Secure url
- https://nvd.nist.gov/vuln/detail/CVE-2022-20853 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-ISV-BQrvEv2h advisory