Cisco released an advisory announcing fixes for two high-severity vulnerabilities. The vulnerabilities could allow a remote attacker to perform cross-site request forgery (CSRF) attacks or bypass SSL server certificate validation. The flaws, tracked as CVE-2022-20814 and CVE-2022-20853, can only be exploited on the products’ default configuration. The affected products are:
- Cisco Expressway Series (< 14.0)
- Expressway Control (Expressway-C)
- Expressway Edge (Expressway-E)
- Cisco TelePresence VCS (< 14.0)
CVE-2022-20814 (CVSS score: 7.4): Improper Certificate Validation
An unauthenticated, remote attacker may be able to access sensitive data using a vulnerability in Cisco Expressway-C and TelePresence VCS’ certificate validation. This vulnerability does not affect Expressway-E.
The vulnerability exists because an affected device does not validate the SSL server certificate it receives when it connects to a Cisco Unified Communications Manager device.
An attacker might take advantage of this vulnerability by intercepting the traffic between the devices with a man-in-the-middle attack and then impersonating the endpoint with a self-signed certificate.
If the exploit is successful, the attacker may be able to view the intercepted traffic in clear text or change its contents.
CVE-2022-20853 (CVSS score: 7.4): Request Forgery Vulnerability
An unauthenticated, remote attacker could use a vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS to carry out a cross-site request forgery (CSRF) attack on a vulnerable system.
The vulnerability is caused by weak CSRF protections in the web-based management interface of an affected system. An attacker could take advantage of this flaw by convincing a REST API user to click on a crafted link. If the exploit is successful, the attacker might be able to force the system to reload.
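As an added illustration (not Cisco's code and not the Expressway implementation), the checks a REST endpoint for a state-changing operation such as a reload would apply in order to refuse the crafted-link request described above; the management-interface origin, session id, sample requests and the `X-CSRF-Token` header name are assumed.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Server-side secret that binds CSRF tokens to a session (constructed example value).
CSRF_SECRET = secrets.token_bytes(32)
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
TRUSTED_ORIGIN = "https://expressway.example.internal"  # assumed management-interface origin


def issue_csrf_token(session_id: str) -> str:
    """Derive a per-session token that the legitimate client sends back in a custom header."""
    return hmac.new(CSRF_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_of(url: str) -> str:
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else ""


def check_request(method: str, headers: dict, session_id: str) -> tuple:
    """Decide whether a state-changing REST call (e.g. a system reload) may proceed."""
    if method.upper() not in STATE_CHANGING_METHODS:
        # A crafted link produces a GET; a state change must never ride on GET.
        return False, "state-changing operations require POST/PUT/PATCH/DELETE"
    # 1. Origin check: browsers attach Origin (or Referer) and a page cannot forge it.
    origin = headers.get("Origin") or _origin_of(headers.get("Referer", ""))
    if origin and origin != TRUSTED_ORIGIN:
        return False, f"untrusted origin {origin!r}"
    # 2. Token check: an attacker's page cannot read the victim's session-bound token,
    #    and a cross-site form submission cannot set a custom header at all.
    token = headers.get("X-CSRF-Token", "")
    if not hmac.compare_digest(token, issue_csrf_token(session_id)):
        return False, "missing or invalid CSRF token"
    return True, "ok"


SESSION = "sess-42"  # constructed session id
SAMPLE_REQUESTS = {  # constructed requests against a hypothetical /api/reload endpoint
    "legit_api_call": ("POST", {"Origin": TRUSTED_ORIGIN, "X-CSRF-Token": issue_csrf_token(SESSION)}),
    "crafted_link_get": ("GET", {"Referer": "https://attacker.example/lure.html"}),
    "cross_site_form_post": ("POST", {"Origin": "https://attacker.example"}),
    "same_origin_no_token": ("POST", {"Origin": TRUSTED_ORIGIN}),
}


def evaluate_samples() -> dict:
    """Return, per sample request, whether the endpoint would accept it."""
    return {name: check_request(m, h, SESSION)[0] for name, (m, h) in SAMPLE_REQUESTS.items()}
```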
There are no workarounds that address these vulnerabilities. Cisco has released software patches that fix them; visit Cisco’s security center for notes on upgrading. The fixed releases are:
- For CVE-2022-20853 -> 14.0.9
- For CVE-2022-20814 -> 14.2
Check Cisco’s advisory for more information.