Cisco fixed two high-severity bugs in Communications, Networking Products

Multiple vulnerabilities in Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software’s API and web-based administration interface might allow a remote attacker to evade certificate validation or perform cross-site request forgery attacks on an affected device." according to the IT behemoth’s recommendation. The first vulnerability, CVE-2022-20814, is an inappropriate certificate validation problem that a remote, unauthenticated attacker can exploit via a man-in-the-middle attack. A flaw in Cisco Expressway-C and Cisco TelePresence VCS certificate validation might allow an unauthenticated, remote attacker to gain unauthorised access to sensitive data. Read More…