A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 
History

Fri, 15 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco telepresence Video Communication Server
Cisco telepresence Video Communication Server Software
CPEs cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:*
Vendors & Products Cisco
Cisco telepresence Video Communication Server
Cisco telepresence Video Communication Server Software
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 Nov 2024 15:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 
Title Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-11-15T15:27:23.911Z

Updated: 2024-11-15T16:49:00.733Z

Reserved: 2021-11-02T13:28:29.180Z

Link: CVE-2022-20853

Vulnrichment

Updated: 2024-11-15T16:48:54.526Z

NVD

Status: Awaiting Analysis

Published: 2024-11-15T16:15:23.540

Modified: 2024-11-18T17:11:56.587

Link: CVE-2022-20853

Redhat

No data.