{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-20853","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2021-11-02T13:28:29.180Z","datePublished":"2024-11-15T15:27:23.911Z","dateUpdated":"2024-11-15T16:49:00.733Z"},"containers":{"cna":{"title":"Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"descriptions":[{"lang":"en","value":"A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.\r\nCisco has released software updates that address this vulnerability. 
There are no workarounds that address this vulnerability."}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6","name":"cisco-sa-expressway-csrf-sqpsSfY6"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8</a></p><p><strong>Attention</strong>: Simplifying the Cisco&nbsp;portfolio includes the renaming of security products under one brand: Cisco&nbsp;Secure. 
For more information, see <a href=\"https://www.cisco.com/c/en/us/products/security/secure-names.html\">Meet Cisco&nbsp;Secure"}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}],"source":{"advisory":"cisco-sa-expressway-csrf-sqpsSfY6","discovery":"INTERNAL","defects":["CSCwa25097"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Cross-Site Request Forgery (CSRF)","type":"cwe","cweId":"CWE-352"}]}],"affected":[{"vendor":"Cisco","product":"Cisco TelePresence Video Communication Server (VCS) Expressway","versions":[{"version":"X8.11.2","status":"affected"},{"version":"X8.6","status":"affected"},{"version":"X8.11.3","status":"affected"},{"version":"X8.2.2","status":"affected"},{"version":"X8.8.3","status":"affected"},{"version":"X8.11.0","status":"affected"},{"version":"X12.5.2","status":"affected"},{"version":"X8.1.1","status":"affected"},{"version":"X8.9","status":"affected"},{"version":"X12.5.1","status":"affected"},{"version":"X12.5.6","status":"affected"},{"version":"X8.7.3","status":"affected"},{"version":"X12.6.0","status":"affected"},{"version":"X8.11.1","status":"affected"},{"version":"X8.5","status":"affected"},{"version":"X8.9.1","status":"affected"},{"version":"X8.10.2","status":"affected"},{"version":"X8.8.2","status":"affected"},{"version":"X8.5.3","status":"affected"},{"version":"X8.1","status":"affected"},{"version":"X8.9.2","status":"affected"},{"version":"X8.11.4","status":"affected"},{"version":"X12.5.4","status":"affected"},{"version":"X8.8.1","status":"affected"},{"version":"X8.2.1","status":"affected"},{"version":"X8.5.1","status":"affected"},{"version":"X8.6.1","status":"affected"},{"version":"X8.1.2","status":"affected"},{"version":"X8.8","status":"affected"},{"version":"X8.10.0","status":"affected"},{"version":"X12.5.3","status":"affected"},{"version":"X8.10.1","status":"affected"},{"version":"X12.5.7","status"
:"affected"},{"version":"X8.10.3","status":"affected"},{"version":"X8.7.1","status":"affected"},{"version":"X8.2","status":"affected"},{"version":"X12.5.8","status":"affected"},{"version":"X8.7","status":"affected"},{"version":"X8.5.2","status":"affected"},{"version":"X12.5.9","status":"affected"},{"version":"X12.5.0","status":"affected"},{"version":"X8.10.4","status":"affected"},{"version":"X8.7.2","status":"affected"},{"version":"X12.5.5","status":"affected"},{"version":"X12.6.1","status":"affected"},{"version":"X12.6.2","status":"affected"},{"version":"X12.6.3","status":"affected"},{"version":"X12.6.4","status":"affected"},{"version":"X12.7.0","status":"affected"},{"version":"X12.7.1","status":"affected"},{"version":"X14.0.0","status":"affected"},{"version":"X14.0.1","status":"affected"},{"version":"X14.0.2","status":"affected"},{"version":"X14.0.3","status":"affected"},{"version":"X14.0.4","status":"affected"},{"version":"X14.0.5","status":"affected"},{"version":"X14.0.6","status":"affected"},{"version":"X14.0.7","status":"affected"},{"version":"X14.0.8","status":"affected"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-11-15T15:27:23.911Z"}},"adp":[{"affected":[{"vendor":"cisco","product":"telepresence_video_communication_server_software","cpes":["cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:*:*:*:*
","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:*:*:*:*"
,"cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:*","cpe:2.
3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"x12.5.0","status":"affected"},{"version":"x12.5.1","status":"affected"},{"version":"x12.5.2","status":"affected"},{"version":"x12.5.3","status":"affected"},{"version":"x12.5.4","status":"affected"},{"version":"x12.5.5","status":"affected"},{"version":"x12.5.6","status":"affected"},{"version":"x12.5.7","status":"affected"},{"version":"x12.5.8","status":"affected"},{"version":"x12.5.9","status":"affected"},{"version":"x12.6.0","status":"affected"},{"version":"x12.6.1","status":"affected"},{"version":"x12.6.2","status":"affected"},{"version":"x12.6.3","status":"affected"},{"version":"x12.6.4","status":"affected"},{"version":"x12.7.0","status":"affected"},{"version":"x12.7.1","status":"affected"},{"version":"x14.0.0","status":"affected"},{"version":"x14.0.1","status":"affected"},{"version":"x14.0.2","status":"affected"},{"version":"x14.0.3","status":"affected"},{"version":"x14.0.4","status":"affected"},{"version":"x14.0.5","status":"affected"},{"version":"x14.0.6","status":"affected"},{"version":"x14.0.7","status":"affected"},{"version":"x14.0.8","status":"affected"},{"version":"x8.10.0","status":"affected"},{"version":"x8.10.1","status":"affected"},{"version":"x8.10.2","status":"affected"},{"version":"x8.10.3","status":"affected"},{"version":"x8.10.4","status":"affected"},{"version":"x8.1.1","status":"affected"},{"version":"x8.11.0","status":"affected"},{"version":"x8.11.1","status":"affected"},{"version":"x8.11.2","status":"affected"},{"version":"x8.11.3","status":"affected"},{"version":"x8.11.4","status":"affected"},{"version":"x8.2","status":"affected"},{"version":"x8.2.2","status":"affected"},{"version":"x8.5","status":"affected"},{"version":"x8.5.1","status":"affected"},{"version":"x8.5.3","status":"affected"},{"version":"x8.6","status":"affected"},{"version":"x8.6.1","status":"affected"},{"version":"x8.7","status":"affected"},{"versi
on":"x8.7.1","status":"affected"},{"version":"x8.7.2","status":"affected"},{"version":"x8.7.3","status":"affected"},{"version":"x8.8","status":"affected"},{"version":"x8.8.1","status":"affected"},{"version":"x8.8.2","status":"affected"},{"version":"x8.8.3","status":"affected"},{"version":"x8.9","status":"affected"},{"version":"x8.9.1","status":"affected"},{"version":"x8.9.2","status":"affected"},{"version":"x8.1","status":"affected"},{"version":"x8.1.2","status":"affected"},{"version":"x8.2.1","status":"affected"},{"version":"x8.5.2","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-15T16:23:20.814823Z","id":"CVE-2022-20853","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-15T16:49:00.733Z"}}]}}