ID

VAR-202210-1443


CVE

CVE-2022-20776


TITLE

Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Path traversal vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-1465

DESCRIPTION

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Trust: 0.99

sources: NVD: CVE-2022-20776 // VULHUB: VHN-405329

AFFECTED PRODUCTS

vendor: cisco, model: roomos, scope: lt, version: 10.20.1

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: lt, version: 10.20.1

Trust: 1.0

sources: NVD: CVE-2022-20776

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-20776
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20776
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202210-1465
value: MEDIUM

Trust: 0.6

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20776
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20776
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 4.2
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202210-1465 // NVD: CVE-2022-20776 // NVD: CVE-2022-20776

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: CWE-200

Trust: 1.0

sources: VULHUB: VHN-405329 // NVD: CVE-2022-20776

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1465

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202210-1465

PATCH

title: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Repair measures for path traversal vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=212466

Trust: 0.6

sources: CNNVD: CNNVD-202210-1465

EXTERNAL IDS

db: NVD, id: CVE-2022-20776

Trust: 1.7

db: CNNVD, id: CNNVD-202210-1465

Trust: 0.6

db: VULHUB, id: VHN-405329

Trust: 0.1

sources: VULHUB: VHN-405329 // CNNVD: CNNVD-202210-1465 // NVD: CVE-2022-20776

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-roomos-trav-befvccyu

Trust: 2.3

url: https://cxsecurity.com/cveshow/cve-2022-20776/

Trust: 0.6

sources: VULHUB: VHN-405329 // CNNVD: CNNVD-202210-1465 // NVD: CVE-2022-20776

SOURCES

db: VULHUB, id: VHN-405329
db: CNNVD, id: CNNVD-202210-1465
db: NVD, id: CVE-2022-20776

LAST UPDATE DATE

2024-08-14T14:49:32.100000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405329, date: 2022-10-31T00:00:00
db: CNNVD, id: CNNVD-202210-1465, date: 2022-11-01T00:00:00
db: NVD, id: CVE-2022-20776, date: 2023-11-07T03:42:55.053

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405329, date: 2022-10-26T00:00:00
db: CNNVD, id: CNNVD-202210-1465, date: 2022-10-19T00:00:00
db: NVD, id: CVE-2022-20776, date: 2022-10-26T15:15:14.353