Pierluigi Paganini October 06, 2022

Cisco fixed high-severity flaws in some of its networking and communications products, including Enterprise NFV, Expressway and TelePresence.

Cisco announced it has addressed high-severity vulnerabilities affecting some of its networking and communications products, including Enterprise NFV, Expressway and TelePresence.

“Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow a remote attacker to bypass certificate validation or conduct cross-site request forgery attacks on an affected device.” reads the advisory published by the IT giant.

The first vulnerability, tracked as CVE-2022-20814, is an improper certificate validation issue, a remote, unauthenticated attacker can trigger it to access sensitive data through a man-in-the-middle attack.

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.

The vulnerability is due to a lack of validation of the SSL server certificate for an affected device while it establishes a connection to a Cisco Unified Communications Manager device.

“An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.” continues the advisory.

The flaw doesn’t affect Cisco Expressway-E.

The second issue, tracked CVE-2022-20853, is a cross-site request forgery (CSRF) that can be exploited to cause a denial of service (DoS) condition by tricking a user into clicking on a specially crafted link.

“A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.” states the advisory. “This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.”

The Cisco PSIRT is not aware of any public announcements or attacks in the wild exploiting these vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, DoS)

[adrotate banner=”5″]

[adrotate banner=”13″]