Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

Vulnerability

CVE-2022-20809 is a vulnerability in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could allow an authenticated, remote attacker to write files on an affected device [1]. The Cisco advisory notes that this CVE only affects products that have debug logging enabled [1]. Affected versions are those of Cisco Expressway Series and Cisco TelePresence VCS as described in the Cisco Security Advisory; the default configuration is not vulnerable for this specific CVE [1].

Exploitation

To exploit this vulnerability, an attacker must have valid credentials (authenticated) and network access to the affected device [1]. The attack requires that debug logging be enabled on the target system [1]. The Cisco advisory does not provide specific exploitation steps but indicates the vulnerability exists in the API or web-based management interfaces, allowing file write operations when debug logging is active [1].

Impact

Successful exploitation could allow an authenticated, remote attacker to write arbitrary files to the affected device [1]. This file write capability could lead to further compromise, potentially enabling the attacker to modify system behavior or gain elevated privileges, depending on the files written [1]. The impact is limited to file write, and the confidentiality, integrity, or availability impact is not fully detailed beyond the potential for information disclosure or system modification [1].

Mitigation

Cisco has released software updates that address this vulnerability [1]. The advisory states there are no workarounds that address these vulnerabilities [1]. Users should apply the fixed software versions as indicated in the Cisco Security Advisory for Cisco Expressway Series and Cisco TelePresence VCS [1].