Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-20814

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.  The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic. Note: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Published

2024-11-15T16:15:22.670

Last Modified

2025-07-31T15:44:19.193

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.4 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-295
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco telepresence_video_communication_server x8.1 Yes
Application cisco telepresence_video_communication_server x8.1.1 Yes
Application cisco telepresence_video_communication_server x8.1.2 Yes
Application cisco telepresence_video_communication_server x8.2 Yes
Application cisco telepresence_video_communication_server x8.2.1 Yes
Application cisco telepresence_video_communication_server x8.2.2 Yes
Application cisco telepresence_video_communication_server x8.5 Yes
Application cisco telepresence_video_communication_server x8.5.1 Yes
Application cisco telepresence_video_communication_server x8.5.2 Yes
Application cisco telepresence_video_communication_server x8.5.3 Yes
Application cisco telepresence_video_communication_server x8.6 Yes
Application cisco telepresence_video_communication_server x8.6.1 Yes
Application cisco telepresence_video_communication_server x8.7 Yes
Application cisco telepresence_video_communication_server x8.7.1 Yes
Application cisco telepresence_video_communication_server x8.7.2 Yes
Application cisco telepresence_video_communication_server x8.7.3 Yes
Application cisco telepresence_video_communication_server x8.8 Yes
Application cisco telepresence_video_communication_server x8.8.1 Yes
Application cisco telepresence_video_communication_server x8.8.2 Yes
Application cisco telepresence_video_communication_server x8.8.3 Yes
Application cisco telepresence_video_communication_server x8.9 Yes
Application cisco telepresence_video_communication_server x8.9.1 Yes
Application cisco telepresence_video_communication_server x8.9.2 Yes
Application cisco telepresence_video_communication_server x8.10.0 Yes
Application cisco telepresence_video_communication_server x8.10.1 Yes
Application cisco telepresence_video_communication_server x8.10.2 Yes
Application cisco telepresence_video_communication_server x8.10.3 Yes
Application cisco telepresence_video_communication_server x8.10.4 Yes
Application cisco telepresence_video_communication_server x8.11.0 Yes
Application cisco telepresence_video_communication_server x8.11.1 Yes
Application cisco telepresence_video_communication_server x8.11.2 Yes
Application cisco telepresence_video_communication_server x8.11.3 Yes
Application cisco telepresence_video_communication_server x8.11.4 Yes
Application cisco telepresence_video_communication_server x12.5.0 Yes
Application cisco telepresence_video_communication_server x12.5.1 Yes
Application cisco telepresence_video_communication_server x12.5.2 Yes
Application cisco telepresence_video_communication_server x12.5.3 Yes
Application cisco telepresence_video_communication_server x12.5.4 Yes
Application cisco telepresence_video_communication_server x12.5.5 Yes
Application cisco telepresence_video_communication_server x12.5.6 Yes
Application cisco telepresence_video_communication_server x12.5.7 Yes
Application cisco telepresence_video_communication_server x12.5.8 Yes
Application cisco telepresence_video_communication_server x12.5.9 Yes
Application cisco telepresence_video_communication_server x12.6.0 Yes
Application cisco telepresence_video_communication_server x12.6.1 Yes
Application cisco telepresence_video_communication_server x12.6.2 Yes
Application cisco telepresence_video_communication_server x12.6.3 Yes
Application cisco telepresence_video_communication_server x12.6.4 Yes
Application cisco telepresence_video_communication_server x12.7.0 Yes
Application cisco telepresence_video_communication_server x12.7.1 Yes
Application cisco telepresence_video_communication_server x14.0.0 Yes
Application cisco telepresence_video_communication_server x14.0.1 Yes
Application cisco telepresence_video_communication_server x14.0.2 Yes
Application cisco telepresence_video_communication_server x14.0.3 Yes
Application cisco telepresence_video_communication_server x14.0.4 Yes
Application cisco telepresence_video_communication_server x14.0.5 Yes
Application cisco telepresence_video_communication_server x14.0.6 Yes
Application cisco telepresence_video_communication_server x14.0.7 Yes
Application cisco telepresence_video_communication_server x14.0.8 Yes
Application cisco telepresence_video_communication_server x14.0.9 Yes
References