Details of VAR-202207-0213

ID

VAR-202207-0213

CVE

CVE-2022-20768

TITLE

Cisco TelePresence Collaboration Endpoint Vulnerability regarding information leakage from log files in

Trust: 0.8

sources: JVNDB: JVNDB-2022-016241

DESCRIPTION

A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials. Both Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are products of Cisco (Cisco). Cisco RoomOS Software is a suite of automated management software for Cisco devices. This software is mainly used to upgrade and manage the motherboard firmware of Cisco equipment

Trust: 1.8

sources: NVD: CVE-2022-20768 // JVNDB: JVNDB-2022-016241 // VULHUB: VHN-405321 // VULMON: CVE-2022-20768

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence collaboration endpoint	scope:	lt	version:	10.15.2.2	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco telepresence collaboration endpoint	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco telepresence collaboration endpoint	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-016241 // NVD: CVE-2022-20768

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20768
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20768
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20768
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202207-525
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-405321
value:	LOW
Trust: 0.1
VULMON:	CVE-2022-20768
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-20768
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405321
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20768
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-20768
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405321 // VULMON: CVE-2022-20768 // JVNDB: JVNDB-2022-016241 // CNNVD: CNNVD-202207-525 // NVD: CVE-2022-20768 // NVD: CVE-2022-20768

PROBLEMTYPE DATA

problemtype:	CWE-532	Trust: 1.1
problemtype:	Information leakage from log files (CWE-532) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-405321 // JVNDB: JVNDB-2022-016241 // NVD: CVE-2022-20768

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-525

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202207-525

PATCH

title:	cisco-sa-roomos-infodisc-YOTz9Ct7	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7	Trust: 0.8
title:	Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Repair measures for log information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198871	Trust: 0.6
title:	Cisco: Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-roomos-infodisc-YOTz9Ct7	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20768 // JVNDB: JVNDB-2022-016241 // CNNVD: CNNVD-202207-525

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20768	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-016241	Trust: 0.8
db:	CNNVD	id:	CNNVD-202207-525	Trust: 0.7
db:	CS-HELP	id:	SB2022070703	Trust: 0.6
db:	VULHUB	id:	VHN-405321	Trust: 0.1
db:	VULMON	id:	CVE-2022-20768	Trust: 0.1

sources: VULHUB: VHN-405321 // VULMON: CVE-2022-20768 // JVNDB: JVNDB-2022-016241 // CNNVD: CNNVD-202207-525 // NVD: CVE-2022-20768

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-roomos-infodisc-yotz9ct7	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20768	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-20768/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070703	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/532.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405321 // VULMON: CVE-2022-20768 // JVNDB: JVNDB-2022-016241 // CNNVD: CNNVD-202207-525 // NVD: CVE-2022-20768

SOURCES

db:	VULHUB	id:	VHN-405321
db:	VULMON	id:	CVE-2022-20768
db:	JVNDB	id:	JVNDB-2022-016241
db:	CNNVD	id:	CNNVD-202207-525
db:	NVD	id:	CVE-2022-20768

LAST UPDATE DATE

2024-08-14T14:55:24.480000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405321	date:	2022-07-14T00:00:00
db:	VULMON	id:	CVE-2022-20768	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-016241	date:	2023-10-03T06:29:00
db:	CNNVD	id:	CNNVD-202207-525	date:	2022-07-15T00:00:00
db:	NVD	id:	CVE-2022-20768	date:	2023-11-07T03:42:53.597

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405321	date:	2022-07-06T00:00:00
db:	VULMON	id:	CVE-2022-20768	date:	2022-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-016241	date:	2023-10-03T00:00:00
db:	CNNVD	id:	CNNVD-202207-525	date:	2022-07-06T00:00:00
db:	NVD	id:	CVE-2022-20768	date:	2022-07-06T21:15:11.447