CVE-2022-20814

Summary

CVE-2022-20814 is a vulnerability affecting the certificate validation process in Cisco Expressway-C and Cisco TelePresence VCS. This issue allows unauthenticated, remote attackers to gain access to sensitive data by intercepting traffic between the devices and impersonating endpoints using self-signed certificates. The vulnerability arises due to inadequate validation of SSL server certificates during device connections to Cisco Unified Communications Manager. Successful exploitation enables attackers to view intercepted traffic in plaintext or manipulate its contents. Cisco has released software updates to remediate this vulnerability, and there are no known workarounds.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.