ID

VAR-202204-1467


CVE

CVE-2022-20783


TITLE

Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202204-3915

DESCRIPTION

A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted H.323 traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to either reboot normally or reboot into maintenance mode, which could result in a DoS condition on the device.

Trust: 1.08

sources: NVD: CVE-2022-20783 // VULHUB: VHN-405336 // VULMON: CVE-2022-20783

AFFECTED PRODUCTS

vendor: cisco, model: telepresence collaboration endpoint, scope: lt, version: 10.11.2.2

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: gte, version: 10.0.0.0

Trust: 1.0

vendor: cisco, model: roomos, scope: lt, version: 2022

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: lt, version: 9.15.10.8

Trust: 1.0

sources: NVD: CVE-2022-20783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20783
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20783
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202204-3915
value: HIGH

Trust: 0.6

VULHUB: VHN-405336
value: HIGH

Trust: 0.1

VULMON: CVE-2022-20783
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20783
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-405336
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20783
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-405336 // VULMON: CVE-2022-20783 // CNNVD: CNNVD-202204-3915 // NVD: CVE-2022-20783 // NVD: CVE-2022-20783

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.1

problemtype: CWE-1287

Trust: 1.0

sources: VULHUB: VHN-405336 // NVD: CVE-2022-20783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3915

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3915

PATCH

title: Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190410

Trust: 0.6

title: Cisco: Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ce-roomos-dos-c65x2Qf2

Trust: 0.1

title: CVE-2022-XXXX
url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX
url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20783 // CNNVD: CNNVD-202204-3915

EXTERNAL IDS

db: NVD, id: CVE-2022-20783

Trust: 1.8

db: CS-HELP, id: SB2022042127

Trust: 0.6

db: CNNVD, id: CNNVD-202204-3915

Trust: 0.6

db: VULHUB, id: VHN-405336

Trust: 0.1

db: VULMON, id: CVE-2022-20783

Trust: 0.1

sources: VULHUB: VHN-405336 // VULMON: CVE-2022-20783 // CNNVD: CNNVD-202204-3915 // NVD: CVE-2022-20783

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ce-roomos-dos-c65x2qf2

Trust: 2.5

url: https://cxsecurity.com/cveshow/cve-2022-20783/

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2022042127

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405336 // VULMON: CVE-2022-20783 // CNNVD: CNNVD-202204-3915 // NVD: CVE-2022-20783

SOURCES

db: VULHUB, id: VHN-405336
db: VULMON, id: CVE-2022-20783
db: CNNVD, id: CNNVD-202204-3915
db: NVD, id: CVE-2022-20783

LAST UPDATE DATE

2024-11-23T22:50:49.644000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405336, date: 2022-05-04T00:00:00
db: VULMON, id: CVE-2022-20783, date: 2023-11-07T00:00:00
db: CNNVD, id: CNNVD-202204-3915, date: 2022-05-05T00:00:00
db: NVD, id: CVE-2022-20783, date: 2024-11-21T06:43:32.900

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405336, date: 2022-04-21T00:00:00
db: VULMON, id: CVE-2022-20783, date: 2022-04-21T00:00:00
db: CNNVD, id: CNNVD-202204-3915, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2022-20783, date: 2022-04-21T19:15:08.410