Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.
{"id": "CVE-2022-20812", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-20812", "description": "Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.", "published": "2022-07-06T21:15:00", "modified": "2022-07-14T15:12:00", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:N/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 8.5}, "severity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 9.2, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.2, "impactScore": 5.2}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20812", "reporter": "psirt@cisco.com", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH"], "cvelist": ["CVE-2022-20812"], "immutableFields": [], "lastseen": "2022-07-14T16:17:38", "viewCount": 18, "enchantments": {"twitter": {"counter": 7, "tweets": [{"link": "https://twitter.com/threatintelctr/status/1544799168438452227", "text": " NEW: CVE-2022-20812 Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker... (click for more) https://t.co/geoQ9qvQ8W", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}, {"link": "https://twitter.com/VulmonFeeds/status/1544814273100120065", "text": "CVE-2022-20812\n\nMultiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to over...\n\nhttps://t.co/kVcbRm4Gro", "author": "VulmonFeeds", "author_photo": "https://pbs.twimg.com/profile_images/945758793161498625/67b3PEYK_400x400.jpg"}, {"link": "https://twitter.com/CVEnew/status/1544814740920307716", "text": "CVE-2022-20812 Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct n... https://t.co/8sNsPXEQQ9", "author": "CVEnew", "author_photo": "https://pbs.twimg.com/profile_images/1447927972393111557/PQRMlVvZ_400x400.jpg"}, {"link": "https://twitter.com/6townstechteam/status/1545135637778538499", "text": "Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities [CVE-2022-20812 and\u00a0CVE-2022-20813]", "author": "6townstechteam", "author_photo": "https://pbs.twimg.com/profile_images/691363890266030080/54hzRoFI_400x400.jpg"}, {"link": "https://twitter.com/SystemTek_UK/status/1545135632904765440", "text": "Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities [CVE-2022-20812 and\u00a0CVE-2022-20813]", "author": "SystemTek_UK", "author_photo": "https://pbs.twimg.com/profile_images/789769290975211520/7QfuP6tV_400x400.jpg"}, {"link": "https://twitter.com/threatintelctr/status/1547600125119188996", "text": " NEW: CVE-2022-20812 Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker... (click for more) Severity: MEDIUM https://t.co/geoQ9qNr0u", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}]}, "score": {"value": 3.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cisco", "idList": ["CISCO-SA-EXPRESSWAY-OVERWRITE-3BUQW8LH"]}, {"type": "nessus", "idList": ["CISCO-SA-EXPRESSWAY-OVERWRITE-3BUQW8LH.NASL"]}, {"type": "thn", "idList": ["THN:9216B20CCF254156E39EF4D359DF5B33", "THN:B10692D3224BDBF4B4F0106580455998"]}]}, "vulnersScore": 3.0}, "_state": {"twitter": 1657816553, "score": 1660017089, "dependencies": 1660016946}, "_internal": {"score_hash": "208ed479c846ed11ab25ecf9f5d4938e"}, "cna_cvss": {"cna": "Cisco Systems, Inc.", "cvss": {"3": {"vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L", "score": 9.0}}}, "cpe": [], "cpe23": [], "cwe": ["CWE-22"], "affectedSoftware": [{"cpeName": "cisco:telepresence_video_communication_server", "version": "x14.0.7", "operator": "lt", "name": "cisco telepresence video communication server"}, {"cpeName": "cisco:expressway", "version": "x14.0.7", "operator": "lt", "name": "cisco expressway"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:*:*:*:*", "versionEndExcluding": "x14.0.7", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:expressway:x14.0.7:*:*:*:*:*:*:*", "versionEndExcluding": "x14.0.7", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH", "name": "20220706 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities", "refsource": "CISCO", "tags": ["Vendor Advisory"]}]}
{"cisco": [{"lastseen": "2022-07-06T16:56:02", "description": "Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device.\n\nNote: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device.\n\nFor more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory.\n\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH\"]", "cvss3": {}, "published": "2022-07-06T16:00:00", "type": "cisco", "title": "Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-20812", "CVE-2022-20813"], "modified": "2022-07-06T16:00:00", "id": "CISCO-SA-EXPRESSWAY-OVERWRITE-3BUQW8LH", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH", "cvss": {"score": 9.0, "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"}}], "nessus": [{"lastseen": "2022-07-19T14:59:02", "description": "According to its self-reported version, Cisco TelePresence Video Communication Server is affected by multiple vulnerabilities in the API and in the web-based management interface that allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "Cisco TelePresence VCS Multiple Vulnerabilities (cisco-sa-expressway-overwrite-3buqW8LH)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-20812", "CVE-2022-20813"], "modified": "2022-07-18T00:00:00", "cpe": ["cpe:/h:cisco:telepresence_video_communication_server", "cpe:/a:cisco:telepresence_video_communication_server_software"], "id": "CISCO-SA-EXPRESSWAY-OVERWRITE-3BUQW8LH.NASL", "href": "https://www.tenable.com/plugins/nessus/162854", "sourceData": "#TRUSTED 613942f332d085a5c2d0b9ce3beae188fa1f4c333c6b80d46a27b2aef97167b88fe86c00ee9a8f28eadcc6f77036dc3b81d852458ce320c337df8143f41215d4c5b62038f370cb92bd0d1347d39b454d35222fb06adcab71adb098fd830fcd7216fa7fb6ab64694f2ad6de75a6fae866891067d4154f90ac0569a4b85ed048bcce7fa0b58b453a9f848aadbc55d377e684e60e31aae13d2471efa6a861142f0e44b9d464ea6ae947252847185f062806cc3663b191242d19ef147755ae7fab6d73b0bebe62551eb207ff57ac6366d71a4f5326cf33ac14d5b5a89b3cc4bf60dcea28a9c5590595e3803ceb8c3121df0288c9706123a9474e253e782181ddc7dce912d65579bca82ba6e556151a72ce9e504ea9aefde7db251240b2cbaff30375b4222656dac7923f2eca788b22ad17e6d9f702e71e26523d0df37d450de5a0547af8654e30e7dbdb342ff8e71233a9468382cac42c8f934bd5cf80dac7b4b87bfaf58a393f0102d880de65a6ee82f39f598e26434031e873bfdb492b9483b5d36bfb4b535fbac791de2a6692a9dc90c2305185edfcf155a26b78e338428c88edb40bbb42d99f155bcf072962b871fe4caed7b96b9260b7e5e204e23645beb13af6345cf5174f9ed15e9bd0dd1909ed0ce8a9980ba651807d7b69d959672a2ed96fb5788fd3781e5c2f2137b043c534c84b7c091e3d3345bbc038df669c541e93\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162854);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/18\");\n\n script_cve_id(\"CVE-2022-20812\", \"CVE-2022-20813\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCwa01080\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCwa01085\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-expressway-overwrite-3buqW8LH\");\n script_xref(name:\"IAVA\", value:\"2022-A-0218\");\n\n script_name(english:\"Cisco TelePresence VCS Multiple Vulnerabilities (cisco-sa-expressway-overwrite-3buqW8LH)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco TelePresence Video Communication Server is affected by multiple\nvulnerabilities in the API and in the web-based management interface that allow a remote attacker to overwrite\narbitrary files or conduct null byte poisoning attacks on an affected device.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?03d2bbb2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa01080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa01085\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwa01080, CSCwa01085\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20812\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(36, 158);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:cisco:telepresence_video_communication_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:telepresence_video_communication_server_software\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_telepresence_video_communication_server_detect.nbin\");\n script_require_keys(\"Cisco/TelePresence_VCS/Version\");\n\n exit(0);\n}\n\ninclude('ccf.inc');\n\nvar product_info = cisco::get_product_info(name:'Cisco TelePresence VCS');\nvar vuln_ranges = [{ 'min_ver':'0.0', 'fix_ver' : '14.0.7' }];\n\nvar reporting = make_array(\n 'port' , 0,\n 'severity' , SECURITY_HOLE,\n 'version' , product_info['version'],\n 'bug_id' , 'CSCwa01080, CSCwa01085',\n 'disable_caveat', TRUE\n);\n\ncisco::check_and_report(\n product_info:product_info,\n reporting:reporting,\n vuln_ranges:vuln_ranges\n);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:N/I:C/A:C"}}], "thn": [{"lastseen": "2022-07-21T11:59:02", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEifgI8X0u2Gxra-cOzFZ1gZkXrGcp7ullJlReqsGVa3xRv0u0wpvUvbZlYFUm7509-48qD2KXaD-4st0b0iNLqPW4A1ryZw1Tc3kWb_t-IvCPfekIo_wKLpFkNbZh5VzeF05dWbpt2hzJLUKbxb3LWPzxzr7L-lF4J06K37eGm9hV0zRaQPu7Lr2g-E/s728-e100/cisco-patch-update.jpg>)\n\nCisco on Wednesday released security patches for 45 vulnerabilities affecting a variety of products, some of which could be exploited to execute arbitrary actions with elevated permissions on affected systems.\n\nOf the 45 bugs, one security vulnerability is rated Critical, three are rated High, and 41 are rated Medium in severity. \n\nThe [most severe of the issues](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y>) are CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861, which impact Cisco Nexus Dashboard for data centers and cloud network infrastructures and could enable an \"unauthenticated remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.\"\n\n * **CVE-2022-20857** (CVSS score: 9.8) - Cisco Nexus Dashboard arbitrary command execution vulnerability\n * **CVE-2022-20858** (CVSS score: 8.2) - Cisco Nexus Dashboard container image read and write vulnerability\n * **CVE-2022-20861** (CVSS score: 8.8) - Cisco Nexus Dashboard cross-site request forgery (CSRF) vulnerability\n\nAll the three vulnerabilities, which were identified during internal security testing, affect Cisco Nexus Dashboard 1.1 and later, with fixes available in version 2.2(1e).\n\nAnother high-severity flaw relates to a vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard (CVE-2022-20860, CVSS score: 7.4) that could permit an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information.\n\n\"An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers,\" the company [said](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-tlsvld-TbAQLp3N>) in an advisory.\n\n\"A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers.\"\n\nAnother set of five shortcomings in the Cisco Nexus Dashboard products concerns a mix of [four privilege escalation flaws](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mprvesc-EMhDgXe5>) and an [arbitrary file write vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-afw-2MT9tb99>) that could permit an authenticated attacker to gain root permissions and write arbitrary files to the devices.\n\nElsewhere resolved by Cisco are [35 vulnerabilities](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAK>) in its Small Business RV110W, RV130, RV130W, and RV215W routers that could equip an adversary already in possession of valid Administrator credentials with capabilities to run arbitrary code or cause a denial-of-service (DoS) condition by sending a specially crafted request to the web-based management interface.\n\nRounding off the patches is a fix for a cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco IoT Control Center that, if successfully weaponized, could enable an unauthenticated, remote attacker to stage an XSS attack against a user.\n\n\"An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link,\" Cisco [said](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iotcc-xss-WQrCLRVd>). \"A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\"\n\nAlthough none of the aforementioned vulnerabilities are said to be maliciously put to use in real-world attacks, it's imperative that users of the affected appliances move quickly to apply the patches.\n\nThe updates also arrives less than two weeks after Cisco rolled out patches for 10 security flaws, including an arbitrary critical file overwrite vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server ([CVE-2022-20812](<https://thehackernews.com/2022/07/cisco-and-fortinet-release-security.html>)) that could lead to absolute path traversal attacks.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-07-21T04:58:00", "type": "thn", "title": "Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20812", "CVE-2022-20857", "CVE-2022-20858", "CVE-2022-20860", "CVE-2022-20861"], "modified": "2022-07-21T11:32:10", "id": "THN:B10692D3224BDBF4B4F0106580455998", "href": "https://thehackernews.com/2022/07/cisco-releases-patches-for-critical.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:N/I:C/A:C"}}, {"lastseen": "2022-07-07T11:58:11", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjwY0P7oLDO0ATxHR3zFYpOHiX6QcBPX89bGMZ3yBFqueQLwgSiTEZTmBPiW8uem6npwZUzVWDE8p0hq5XPZ0JPY0KyDcS5Y2G1JHt9zliro0Q3npdZA_avhk_bxqFjeHHl8JUq2PxgoGOpZciEE35kxT2k4DVBF9yfkXJdfh_L61Nb89R5lWdVsWIM/s728-e100/cisco.jpg>)\n\nCisco on Wednesday rolled out patches for [10 security flaws](<https://tools.cisco.com/security/center/publicationListing.x>) spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks.\n\nThe issues, tracked as **CVE-2022-20812 and CVE-2022-20813**, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and \"could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device,\" the company [said](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH>) in an advisory.\n\nCVE-2022-20812 (CVSS score: 9.0), which concerns a case of arbitrary file overwrite in the cluster database API, requires the authenticated, remote attacker to have Administrator read-write privileges on the application so as to be able to mount path traversal attacks as a root user.\n\n\"This vulnerability is due to insufficient input validation of user-supplied command arguments,\" the company said. \"An attacker could exploit this vulnerability by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command.\"\n\nSuccessful exploitation of the flaw could enable the adversary to overwrite arbitrary files on the underlying operating system.\n\nCVE-2022-20813 (CVSS score: 7.4), on the other hand, has been described as a null byte poisoning flaw arising due to improper certificate validation, which could be weaponized by an attacker to stage a man-in-the-middle (MitM) attack and gain unauthorized access to sensitive data.\n\nAlso patched by Cisco is a high-severity flaw in its Smart Software Manager On-Prem ([CVE-2022-20808](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-privesc-tP6uNZOS>), CVSS score: 7.7) that could be abused by an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\n\n### Fortinet issues fixes for several products\n\nIn a related development, Fortinet addressed as many as four high-severity vulnerabilities affecting FortiAnalyzer, FortiClient, FortiDeceptor, and FortiNAC -\n\n * [**CVE-2021-43072**](<https://www.fortiguard.com/psirt/FG-IR-21-206>) (CVSS score: 7.4) - Stack-based buffer overflow via crafted CLI execute command in FortiAnalyzer, FortiManager, FortiOS and FortiProxy\n * [**CVE-2021-41031**](<https://www.fortiguard.com/psirt/FG-IR-21-190>) (CVSS score: 7.8) - Privilege Escalation via directory traversal attack in FortiClient for Windows\n * [**CVE-2022-30302**](<https://www.fortiguard.com/psirt/FG-IR-21-213>) (CVSS score: 7.9) - Multiple path traversal vulnerabilities in FortiDeceptor management interface, and\n * [**CVE-2022-26117**](<https://www.fortiguard.com/psirt/FG-IR-22-058>) (CVSS score: 8.0) - Unprotected MySQL root account in FortiNAC\n\nShould the flaws be successfully exploited, it may allow an authenticated attacker to execute arbitrary code, retrieve and delete files, and access MySQL databases, or even permit a local unprivileged actor to escalate to SYSTEM permissions.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2022-07-06T21:51:00", "type": "thn", "title": "Cisco and Fortinet Release Security Patches for Multiple Products", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-41031", "CVE-2021-43072", "CVE-2022-20808", "CVE-2022-20812", "CVE-2022-20813", "CVE-2022-26117", "CVE-2022-30302"], "modified": "2022-07-07T11:45:09", "id": "THN:9216B20CCF254156E39EF4D359DF5B33", "href": "https://thehackernews.com/2022/07/cisco-and-fortinet-release-security.html", "cvss": {"score": 0.0, "vector": "NONE"}}]}
CVE-2022-20812
