ID

VAR-202204-1590


CVE

CVE-2022-20804


TITLE

Cisco Unified Communications Manager Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202204-3898

DESCRIPTION

A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition. Cisco Unified Communications Manager is the call processing component of Cisco's unified communications system. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. Unified Communications Manager Session Management Edition is the session management version of Unified Communications Manager.

Trust: 1.08

sources: NVD: CVE-2022-20804 // VULHUB: VHN-405357 // VULMON: CVE-2022-20804

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: lte, version: 14.0

Trust: 1.0

sources: NVD: CVE-2022-20804

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-20804
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20804
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202204-3898
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405357
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20804
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-20804
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-405357
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2022-20804
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20804
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-405357 // VULMON: CVE-2022-20804 // CNNVD: CNNVD-202204-3898 // NVD: CVE-2022-20804 // NVD: CVE-2022-20804

PROBLEMTYPE DATA

problemtype: CWE-754

Trust: 1.1

sources: VULHUB: VHN-405357 // NVD: CVE-2022-20804

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3898

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202204-3898

PATCH

title: Cisco Unified Communications Manager Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190178

Trust: 0.6

title: Cisco: Cisco Unified Communications Products Denial of Service Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ucm-dos-zHS9X9kD

Trust: 0.1

title: CVE-2022-XXXX
url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX
url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20804 // CNNVD: CNNVD-202204-3898

EXTERNAL IDS

db: NVD, id: CVE-2022-20804

Trust: 1.8

db: CS-HELP, id: SB2022042132

Trust: 0.6

db: AUSCERT, id: ESB-2022.1732

Trust: 0.6

db: CNNVD, id: CNNVD-202204-3898

Trust: 0.6

db: CNVD, id: CNVD-2022-44706

Trust: 0.1

db: VULHUB, id: VHN-405357

Trust: 0.1

db: VULMON, id: CVE-2022-20804

Trust: 0.1

sources: VULHUB: VHN-405357 // VULMON: CVE-2022-20804 // CNNVD: CNNVD-202204-3898 // NVD: CVE-2022-20804

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucm-dos-zhs9x9kd

Trust: 2.5

url: https://cxsecurity.com/cveshow/cve-2022-20804/

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2022042132

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-unified-communications-manager-denial-of-service-via-cisco-discovery-protocol-packets-38120

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2022.1732

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/754.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405357 // VULMON: CVE-2022-20804 // CNNVD: CNNVD-202204-3898 // NVD: CVE-2022-20804

SOURCES

db: VULHUB, id: VHN-405357
db: VULMON, id: CVE-2022-20804
db: CNNVD, id: CNNVD-202204-3898
db: NVD, id: CVE-2022-20804

LAST UPDATE DATE

2024-08-14T15:21:51.184000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405357, date: 2022-05-03T00:00:00
db: VULMON, id: CVE-2022-20804, date: 2023-11-07T00:00:00
db: CNNVD, id: CNNVD-202204-3898, date: 2022-05-05T00:00:00
db: NVD, id: CVE-2022-20804, date: 2023-11-07T03:42:59.850

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405357, date: 2022-04-21T00:00:00
db: VULMON, id: CVE-2022-20804, date: 2022-04-21T00:00:00
db: CNNVD, id: CNNVD-202204-3898, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2022-20804, date: 2022-04-21T19:15:08.793