Unrated severityNVD Advisory· Published May 27, 2022· Updated Nov 6, 2024

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

CVE-2022-20806

Description

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authenticated remote attacker can write arbitrary files on affected Cisco Expressway Series and TelePresence VCS devices via the API and web-based management interfaces.

Vulnerability

CVE-2022-20806 is an arbitrary file write vulnerability in the cluster database component of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). The default configuration is vulnerable. All software releases were affected at the time of publication [1].

Exploitation

An authenticated remote attacker with valid credentials can exploit this vulnerability by sending crafted requests to the API or web-based management interface. No additional access or user interaction is required beyond authentication [1].

Impact

Successful exploitation allows the attacker to write arbitrary files to the affected device. This could lead to modification of system files, potential denial of service, or further compromise of the device [1].

Mitigation

Cisco has released software updates to address this vulnerability. There are no workarounds. Fixed software versions are specified in the Cisco Security Advisory [1]. Users should upgrade to a fixed release as soon as possible.

References

Cisco Security Advisory: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Telepresence Video Communication Serverllm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: n/a
Cisco Systems, Inc./Expressway Seriesllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueVmitrevendor-advisoryx_refsource_CISCO

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000