CVE-2022-20814
📋 TL;DR
This vulnerability allows an unauthenticated remote attacker to perform man-in-the-middle attacks against Cisco Expressway-C and TelePresence VCS devices. By intercepting traffic and using a self-signed certificate, attackers can view or modify sensitive communications in clear text. Only Expressway-C and TelePresence VCS connecting to Cisco Unified Communications Manager are affected.
💻 Affected Systems
- Cisco Expressway-C
- Cisco TelePresence VCS
📦 What is this software?
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of sensitive communications data including credentials, call metadata, and configuration information between affected devices.
Likely Case
Interception and potential modification of voice/video communications and administrative traffic between devices.
If Mitigated
Limited impact with proper network segmentation and certificate validation controls in place.
🎯 Exploit Status
Requires man-in-the-middle position and ability to intercept traffic between devices.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to Cisco security advisory for specific fixed versions
Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6
Restart Required: Yes
Instructions:
1. Download appropriate software update from Cisco. 2. Backup current configuration. 3. Apply update following Cisco documentation. 4. Verify certificate validation is functioning correctly.
🔧 Temporary Workarounds
No workarounds available
allCisco states there are no workarounds that address this vulnerability
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected devices from untrusted networks
- Monitor for unusual certificate validation failures or man-in-the-middle indicators
🔍 How to Verify
Check if Vulnerable:
Check device version against Cisco advisory and verify if connecting to Unified Communications ManagerCheck Version:
show version (Cisco CLI command)Verify Fix Applied:
Verify software version is updated to patched version and test certificate validation functionality📡 Detection & Monitoring
Log Indicators:
- Certificate validation failures
- Unexpected certificate changes
- Connection resets between devices
Network Indicators:
- Unusual traffic patterns between Expressway/VCS and Unified Communications Manager
- Self-signed certificates in TLS handshakes
SIEM Query:
Search for: certificate validation errors OR TLS handshake failures between affected devices🔗 References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2
