Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2022-20814
Analyzed
More InfoOfficial Page
Source-psirt@cisco.com
View Known Exploited Vulnerability (KEV) details
Published At-15 Nov, 2024 | 16:15
Updated At-31 Jul, 2025 | 15:44

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.  The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic. Note: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.1.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.1.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.2.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.2.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.5
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.5.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.5.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.5.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.6
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.6.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.7
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.7.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.7.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.7.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.8
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.8.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.8.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.8.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.9
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.9.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.9.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.10.0
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.10.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.10.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.10.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.10.4
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.11.0
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.11.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.11.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.11.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.11.4
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.0
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.4
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.5
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.6
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.7
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.8
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.9
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.6.0
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.6.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.6.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.6.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.6.4
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.7.0
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.7.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:expressway:*:*:*
Weaknesses
CWE IDTypeSource
CWE-295Secondarypsirt@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6psirt@cisco.com
Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxtpsirt@cisco.com
Not Applicable
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6psirt@cisco.com
Not Applicable
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2psirt@cisco.com
Not Applicable
Change History
0Changes found
Details not found