Cisco fixed a critical arbitrary File Overwrite flaw in Enterprise Communication solutions

Cisco fixed a critical vulnerability in the Cisco Expressway series and TelePresence Video Communication Server (VCS) products.

Cisco released security patches to address a critical vulnerability, tracked as CVE-2022-20812 (CVSS score of 9.0), in the Expressway series and TelePresence Video Communication Server (VCS).

A remote attacker can trigger the flaw to overwrite files on the underlying operating system with root privileges.

The vulnerability impacts Expressway Control (Expressway-C) and Expressway Edge (Expressway-E) devices.

“A vulnerability in the cluster database API of Cisco Expressway Series and Cisco TelePresence VCS could allow an authenticated, remote attacker with Administratorread-write privileges on the application to conduct absolute path traversal attacks on an affected device and overwrite files on the underlying operating system as a root user.” reads the advisory published by Cisco.

The root cause of the vulnerability is the insufficient input validation of user-supplied command arguments. Threat actors can trigger the flaw by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command.

The IT giant also addressed a Null Byte poisoning issue, tracked as CVE-2022-20813 (CVSS Score 9.0) in Expressway Series and TelePresence VCS.

“A vulnerability in the certificate validation of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.” reads the advisory.

The flaw is due to improper certificate validation. An attacker can trigger the vulnerability by using a man-in-the-middle technique to intercept the traffic between devices, and then using a crafted certificate to impersonate the endpoint. The attacker can view the intercepted traffic in clear text or manipulate it.

Both issues have been addressed with the release of Expressway series and TelePresence VCS release 14.0.7, but no workarounds that address these vulnerabilities are available.

The good news is that the IT giant is not aware of attacks in the wild exploiting these vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISCO)

[adrotate banner=”5″]

[adrotate banner=”13″]