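I. CVE-2022-20814 Basic Information
Vulnerability Title
Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnerability
Source: AIGC Shenlong large model
Vulnerability Description
A vulnerability exists in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS that could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to the affected device failing to validate the SSL server certificate it receives when establishing a connection to a Cisco Unified Communications Manager device. An attacker could use a man-in-the-middle technique to intercept the communication between the devices and use a self-signed certificate to impersonate the endpoint. After a successful attack, the attacker could view the intercepted traffic in clear text or modify its contents. Note: Cisco Expressway-E is not affected by this vulnerability. Cisco has released software updates that address this vulnerability. There are currently no workarounds that address this vulnerability.
Source: AIGC Shenlong large model
CVSS Information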
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: AIGC Shenlong large model
Vulnerability Category
Improper Certificate Validation
Source: AIGC Shenlong large model
Vulnerability Title
Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnerability
Source: US National Vulnerability Database (NVD)
Vulnerability Description
A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic. Note: Cisco Expressway-E is not affected by this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Source: US National Vulnerability Database (NVD)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
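Source: US National Vulnerability Database (NVD)
Vulnerability Category
Improper Certificate Validation
Source: US National Vulnerability Database (NVD)
Vulnerability Title
Cisco Expressway Series and Cisco TelePresence Video Communication Server Security Vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) are both products of Cisco, a US company. Cisco Expressway Series is software for access by devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping remote workers work more effectively on the devices of their choice. Cisco TelePresence Video Communication Server is a video communication server. Cisco Expressw
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS Information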
N/A
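Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Category
Other
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public PoCs for CVE-2022-20814
# POC Description Source link Shenlong link
III. Intelligence on CVE-2022-20814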
  • Title: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities -- 🔗 Source link

  • Title: Cisco IOS XR Software Broadband Network Gateway PPP over Ethernet Denial of Service Vulnerability -- 🔗 Source link

  • Title: Cisco Network Convergence System 4000 Series TL1 Denial of Service Vulnerability -- 🔗 Source link

  • Title: Cisco IOS XR Software Cisco Discovery Protocol Denial of Service Vulnerability -- 🔗 Source link

  • https://nvd.nist.gov/vuln/detail/CVE-2022-20814