CVE-2022-20754
Published: 06 April 2022
Summary
CVE-2022-20754 is a critical-severity Relative Path Traversal (CWE-23) vulnerability in Cisco TelePresence Video Communication Server. Its CVSS base score is 9.0 (Critical).
Operationally, it is ranked in the top 14.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-26004
Vulnerability details
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.