ID

VAR-202210-1425


CVE

CVE-2022-20811


TITLE

Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Path traversal vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-1466

DESCRIPTION

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Trust: 0.99

sources: NVD: CVE-2022-20811 // VULHUB: VHN-405364

AFFECTED PRODUCTS

vendor: cisco, model: roomos, scope: lt, version: 10.15.1

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: lt, version: 9.15.13.0

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: gte, version: 9.0.0.0

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: gte, version: 10.0.0.0

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: lt, version: 10.15.2.2

Trust: 1.0

sources: NVD: CVE-2022-20811

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20811
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20811
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202210-1466
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-20811
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20811
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 4.2
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202210-1466 // NVD: CVE-2022-20811 // NVD: CVE-2022-20811

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: CWE-200

Trust: 1.0

sources: VULHUB: VHN-405364 // NVD: CVE-2022-20811

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1466

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202210-1466

PATCH

title: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Repair measures for path traversal vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=212467

Trust: 0.6

sources: CNNVD: CNNVD-202210-1466

EXTERNAL IDS

db: NVD, id: CVE-2022-20811

Trust: 1.7

db: CNNVD, id: CNNVD-202210-1466

Trust: 0.6

db: VULHUB, id: VHN-405364

Trust: 0.1

sources: VULHUB: VHN-405364 // CNNVD: CNNVD-202210-1466 // NVD: CVE-2022-20811

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-roomos-trav-befvccyu

Trust: 2.3

url: https://cxsecurity.com/cveshow/cve-2022-20811/

Trust: 0.6

sources: VULHUB: VHN-405364 // CNNVD: CNNVD-202210-1466 // NVD: CVE-2022-20811

SOURCES

db: VULHUB, id: VHN-405364
db: CNNVD, id: CNNVD-202210-1466
db: NVD, id: CVE-2022-20811

LAST UPDATE DATE

2024-08-14T14:10:31.137000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405364, date: 2022-10-31T00:00:00
db: CNNVD, id: CNNVD-202210-1466, date: 2022-11-01T00:00:00
db: NVD, id: CVE-2022-20811, date: 2023-11-07T03:43:01.097

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405364, date: 2022-10-26T00:00:00
db: CNNVD, id: CNNVD-202210-1466, date: 2022-10-19T00:00:00
db: NVD, id: CVE-2022-20811, date: 2022-10-26T15:15:14.493