ID

VAR-202210-1411


CVE

CVE-2022-20953


TITLE

Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Path traversal vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-1464

DESCRIPTION

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Trust: 0.99

sources: NVD: CVE-2022-20953 // VULHUB: VHN-405506

AFFECTED PRODUCTS

vendor: cisco, model: telepresence collaboration endpoint, scope: lt, version: 10.19.1

Trust: 1.0

vendor: cisco, model: roomos, scope: eq, version: -

Trust: 1.0

sources: NVD: CVE-2022-20953

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20953
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20953
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202210-1464
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-20953
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20953
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 4.2
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202210-1464 // NVD: CVE-2022-20953 // NVD: CVE-2022-20953

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: CWE-200

Trust: 1.0

sources: VULHUB: VHN-405506 // NVD: CVE-2022-20953

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1464

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202210-1464

PATCH

title: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Repair measures for path traversal vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=212465

Trust: 0.6

sources: CNNVD: CNNVD-202210-1464

EXTERNAL IDS

db: NVD, id: CVE-2022-20953

Trust: 1.7

db: CNNVD, id: CNNVD-202210-1464

Trust: 0.6

db: VULHUB, id: VHN-405506

Trust: 0.1

sources: VULHUB: VHN-405506 // CNNVD: CNNVD-202210-1464 // NVD: CVE-2022-20953

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-roomos-trav-befvccyu

Trust: 2.3

url: https://cxsecurity.com/cveshow/cve-2022-20953/

Trust: 0.6

sources: VULHUB: VHN-405506 // CNNVD: CNNVD-202210-1464 // NVD: CVE-2022-20953

SOURCES

db: VULHUB, id: VHN-405506
db: CNNVD, id: CNNVD-202210-1464
db: NVD, id: CVE-2022-20953

LAST UPDATE DATE

2024-08-14T15:42:11.575000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405506, date: 2022-10-31T00:00:00
db: CNNVD, id: CNNVD-202210-1464, date: 2022-11-01T00:00:00
db: NVD, id: CVE-2022-20953, date: 2023-11-07T03:43:23.350

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405506, date: 2022-10-26T00:00:00
db: CNNVD, id: CNNVD-202210-1464, date: 2022-10-19T00:00:00
db: NVD, id: CVE-2022-20953, date: 2022-10-26T15:15:14.800