#VU60966 Path traversal in Cisco Expressway and TelePresence Video Communication Server (VCS) - CVE-2022-20754

Cybersecurity Help s.r.o.

Published: 2022-03-02

Vulnerability identifier: #VU60966

Vulnerability risk: Medium

CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-20754

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Expressway
Server applications / Conferencing, Collaboration and VoIP solutions
TelePresence Video Communication Server (VCS)
Other software / Other software solutions

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote user to overwrite arbitrary files on the system.

The vulnerability exists due to input validation error when processing directory traversal sequences in the cluster database API. A remote authenticated user can send a specially crafted HTTP request and overwrite arbitrary files with root privileges.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Cisco Expressway: X14.0.3 - X14.0.4

TelePresence Video Communication Server (VCS): X14.0.3 - X14.0.4

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa25107

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server