Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities [CVE-2022-20754 and CVE-2022-20755]

CVE numbers – CVE-2022-20754 and CVE-2022-20755

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk

Vulnerable Products

These vulnerabilities affect Cisco Expressway Series and Cisco TelePresence VCS.

Details about the vulnerabilities are as follows:

CVE-2022-20754: Cisco Expressway Series and Cisco TelePresence VCS Arbitrary File Write Vulnerability

A vulnerability in the cluster database API of Cisco Expressway Series and Cisco TelePresence VCS could allow an authenticated, remote attacker with read/write privileges to the application to conduct directory traversal attacks and overwrite files on the underlying operating system of an affected device as the root user.

This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by authenticating to the system as an administrative user and then submitting crafted input to the affected command. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system as the root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCwa25107
CVE ID: CVE-2022-20754
Security Impact Rating (SIR): Critical
CVSS Base Score: 9.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

CVE-2022-20755: Cisco Expressway Series and Cisco TelePresence VCS Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence VCS could allow an authenticated, remote attacker with read/write privileges to the application to execute arbitrary code on the underlying operating system of an affected device as the root user.

This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by authenticating to the system as an administrative user and then submitting crafted input to the affected command. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvz85393
CVE ID: CVE-2022-20755
Security Impact Rating (SIR): Critical
CVSS Base Score: 9.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L