High
CVE-2022-20812
Cisco Expressway Series and TelePresence Video Communication Server could allow a remote authenticated attacker to traverse directories on the system, caused by insufficient input validation of user-supplied command arguments. By authenticating to the system as an administrative read-write user and submitting crafted input to the affected command, an attacker could overwrite arbitrary files on the underlying operating system as the root user.
Cisco
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.