CVE-2022-20853
📋 TL;DR
This CSRF vulnerability in Cisco Expressway Series and TelePresence VCS REST API allows unauthenticated remote attackers to trick authenticated users into executing unauthorized actions. Attackers can exploit this by getting users to click malicious links, potentially causing system reloads. Organizations using affected Cisco collaboration systems are at risk.
💻 Affected Systems
- Cisco Expressway Series
- Cisco TelePresence Video Communication Server (VCS)
📦 What is this software?
Telepresence Video Communication Server by Cisco
⚠️ Risk & Real-World Impact
Worst Case
Attacker could cause repeated system reloads leading to denial of service, disrupting video conferencing and collaboration services.
Likely Case
Temporary service disruption through forced system reloads, causing brief outages in telepresence and collaboration services.
If Mitigated
No impact if proper CSRF protections are implemented or systems are patched.
🎯 Exploit Status
Exploitation requires social engineering to trick authenticated users; no authentication needed for initial attack vector
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to Cisco advisory for specific fixed versions
Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6
Restart Required: Yes
Instructions:
1. Identify affected systems
2. Download appropriate Cisco software updates
3. Apply updates following Cisco documentation
4. Restart systems as required
🧯 If You Can't Patch
- Implement network segmentation to restrict access to management interfaces
- Use browser extensions that block CSRF attacks and educate users about phishing risks
🔍 How to Verify
Check if Vulnerable:
Check system version against Cisco advisory; examine if CSRF protections are implemented in REST API
Check Version:
Check via Cisco web interface or CLI: show version
Verify Fix Applied:
Verify installed version matches patched version from Cisco advisory; test CSRF protections
📡 Detection & Monitoring
Log Indicators:
- Unexpected system reloads
- Multiple REST API requests from unusual sources
- CSRF token validation failures
Network Indicators:
- Unusual HTTP POST requests to management interfaces
- Requests lacking proper CSRF tokens
SIEM Query:
Search for: (event_type="system_reload" OR api_call="reload") AND source_ip NOT IN trusted_networks
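A small defender-side detector, added here as an example and not part of the advisory or of any Cisco tooling, that applies the SIEM query above (reload events from outside trusted networks) together with the network indicators (management POSTs lacking a CSRF token or carrying an unexpected Origin) to constructed JSON log lines; the field names, trusted ranges and expected origin are assumptions, not the Expressway log format.

```python
import ipaddress
import json

# Constructed sample events; field names mirror the page's SIEM query
# (event_type, api_call, source_ip) plus assumed request-header fields.
SAMPLE_LOG = """
{"ts":"2022-10-05T10:01:02Z","method":"POST","api_call":"reload","source_ip":"10.0.5.23","origin":"https://expressway.example.internal","csrf_token":"present"}
{"ts":"2022-10-05T10:03:44Z","method":"POST","api_call":"reload","source_ip":"10.0.5.23","origin":"https://attacker.example","csrf_token":"missing"}
{"ts":"2022-10-05T10:04:10Z","event_type":"system_reload","source_ip":"203.0.113.7"}
{"ts":"2022-10-05T10:05:00Z","method":"GET","source_ip":"198.51.100.9"}
"""

# Assumed trusted management networks and the management UI's own origin.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
EXPECTED_ORIGIN = "https://expressway.example.internal"


def is_trusted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def is_reload(ev: dict) -> bool:
    # Same predicate as the page's query: event_type="system_reload" OR api_call="reload"
    return ev.get("event_type") == "system_reload" or ev.get("api_call") == "reload"


def classify(ev: dict) -> list:
    """Return the names of every indicator that fires on one event."""
    hits = []
    if is_reload(ev) and not is_trusted(ev["source_ip"]):
        hits.append("reload_from_untrusted_ip")          # the SIEM query itself
    if ev.get("method") == "POST":                        # state-changing request
        if ev.get("csrf_token") != "present":
            hits.append("post_without_csrf_token")        # network indicator 2
        if ev.get("origin") != EXPECTED_ORIGIN:           # non-browser clients without
            hits.append("post_origin_mismatch")           # Origin also fire; tune as needed
    return hits


def scan(log_text: str) -> list:
    """Evaluate each JSON line and return (ts, source_ip, hits) for events that fire."""
    alerts = []
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        hits = classify(ev)
        if hits:
            alerts.append((ev["ts"], ev["source_ip"], hits))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The second sample event is the CSRF case: the request arrives from the victim's trusted address, so the IP-based query alone is silent and only the missing-token and Origin checks fire.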
🔗 References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8