March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2022-20808 – Cisco Smart Software Manager On-Prem Vulnerability
July 7, 2022Rewterz Threat Alert – Donot APT Group – Active IOCs
July 7, 2022Rewterz Threat Advisory – CVE-2022-20808 – Cisco Smart Software Manager On-Prem Vulnerability
July 7, 2022Rewterz Threat Alert – Donot APT Group – Active IOCs
July 7, 2022
Severity
High
Analysis Summary
CVE-2022-20812
Cisco Expressway Series and TelePresence Video Communication Server could allow a remote authenticated attacker to traverse directories on the system, caused by insufficient input validation of user-supplied command arguments. By authenticating to the system as an administrative read-write user and submitting crafted input to the affected command, an attacker could overwrite arbitrary files on the underlying operating system as the root user.
Impact
- Information Theft
Indicators Of Compromise
CVE
- CVE-2022-20812
Affected Vendors
Cisco
Affected Products
- Cisco Expressway Series 14
- Cisco Expressway Series 14.0.6
- Cisco TelePresence Video Communication Server 14
- Cisco TelePresence Video Communication Server 14.0.6
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.