Rewterz Threat Advisory – Multiple Cisco Unified Communications Products Vulnerability
July 11, 2022Rewterz Threat Alert – RedLine Stealer – Active IOCs
July 12, 2022Rewterz Threat Advisory – Multiple Cisco Unified Communications Products Vulnerability
July 11, 2022Rewterz Threat Alert – RedLine Stealer – Active IOCs
July 12, 2022Severity
High
Analysis Summary
CVE-2022-20813
Cisco Expressway Series and TelePresence Video Communication Server could allow a remote attacker to launch a man-in-the-middle attack, caused by improper certificate validation. By using a man-in-the-middle technique to intercept the traffic between devices, and then using a crafted certificate to impersonate the endpoint, an attacker could exploit this vulnerability to view the intercepted traffic in clear text or alter the contents of the traffic.
Impact
- Man in the Middle
Indicators Of Compromise
CVE
- CVE-2022-20813
Affected Vendors
Cisco
Affected Products
- Cisco Expressway Series 14
- Cisco Expressway Series 14.0.6
- Cisco TelePresence Video Communication Server 14
- Cisco TelePresence Video Communication Server 14.0.6
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.