CVE Vulnerabilities

CVE-2022-20807

Insertion of Sensitive Information into Log File

Published: May 27, 2022 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name Vendor Start Version End Version
Telepresence_video_communication_server Cisco * x14.0.7 (including)

Potential Mitigations

References