Cisco fixes Critical vulnerabilities in Expressway and VCS
Cisco has addressed patches for two critical vulnerabilities that persisted in its products
The first is a critical vulnerability, tracked as CVE-2022-20812 with a CVSS score of 9.0, that existed in the Expressway series and Telepresence VCS
The vulnerability impacts Expressway Control (Expressway-C) and Expressway Edge (Expressway-E) devices, a remote attacker can trigger the flaw to overwrite files on the underlying operating system with root privileges.
The root cause of the vulnerability is the insufficient input validation of user-supplied command arguments. Threat actors can trigger the flaw by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command.
The second bug is a Null Byte poisoning issue that occurs due to improper certificate validation, tracked as CVE-2022-20813 with a CVSS Score 9.0 in Expressway Series and TelePresence VCS.
An attacker can trigger the vulnerability by using a man-in-the-middle technique to intercept the traffic between devices, and then using a crafted certificate to impersonate the endpoint. The attacker can view the intercepted traffic in clear text or manipulate it.
Both issues have been addressed with the release of Expressway series and TelePresence VCS release 14.0.7, but no workarounds that address these vulnerabilities are available.
None of the vulnerabilities are exploited in wild as confirmed by Cisco