Critical Vulnerabilities in Cisco Expressway Series and Cisco TelePresence
3 March 2022
Cisco has released security updates to address two critical vulnerabilities (CVE-2022-20754 and CVE-2022-20755) affecting Cisco Expressway Series and Cisco TelePresence VCS Products. The vulnerabilities have a maximum Common Vulnerability Scoring System (CVSS) score of 9.0 out of 10.
The vulnerabilities are:
CVE-2022-20754 - A vulnerability in the cluster database API of Cisco Expressway Series and Cisco TelePresence VCS that could allow an authenticated, remote attacker with read/write privileges to conduct directory traversal attacks and overwrite files on the underlying operating system of an affected device as the root user.
CVE-2022-20755 - A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence VCS that could allow an authenticated, remote attacker with read/write privileges to execute arbitrary code on the underlying operating system of an affected device as the root user.
The following products are affected by these vulnerabilities:
Cisco Expressway: X14.0.3 - X14.0.4
TelePresence Video Communication Server (VCS): X14.0.3 - X14.0.4
Administrators of the affected products are advised to install the latest security updates immediately.
More information is available here: