Cisco Patches High-Severity Vulnerabilities in Communications, Networking Products

The company has informed customers that its Expressway series and TelePresence Video Communication Server software is affected by two high-severity vulnerabilities.

One of them, tracked as CVE-2022-20814 and related to improper certificate validation, can allow a remote, unauthenticated attacker to access sensitive data through a man-in-the-middle attack. Successful exploitation of the flaw can result in the attacker intercepting or altering traffic.

The second issue, CVE-2022-20853, allows cross-site request forgery (CSRF) attacks, enabling an attacker to cause a denial of service (DoS) condition by getting a user to click on a specially crafted link.