ID

VAR-202210-1702


CVE

CVE-2022-20954


TITLE

Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Path traversal vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-1463

DESCRIPTION

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Trust: 0.99

sources: NVD: CVE-2022-20954 // VULHUB: VHN-405507

AFFECTED PRODUCTS

vendor: cisco, model: telepresence collaboration endpoint, scope: lt, version: 10.19.1

Trust: 1.0

vendor: cisco, model: roomos, scope: eq, version: -

Trust: 1.0

sources: NVD: CVE-2022-20954

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20954
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20954
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202210-1463
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-20954
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20954
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 4.2
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202210-1463 // NVD: CVE-2022-20954 // NVD: CVE-2022-20954

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: CWE-200

Trust: 1.0

sources: VULHUB: VHN-405507 // NVD: CVE-2022-20954

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1463

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202210-1463

PATCH

title: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Repair measures for path traversal vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=212464

Trust: 0.6

sources: CNNVD: CNNVD-202210-1463

EXTERNAL IDS

db: NVD, id: CVE-2022-20954

Trust: 1.7

db: CNNVD, id: CNNVD-202210-1463

Trust: 0.6

db: VULHUB, id: VHN-405507

Trust: 0.1

sources: VULHUB: VHN-405507 // CNNVD: CNNVD-202210-1463 // NVD: CVE-2022-20954

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-roomos-trav-befvccyu

Trust: 2.3

url: https://cxsecurity.com/cveshow/cve-2022-20954/

Trust: 0.6

sources: VULHUB: VHN-405507 // CNNVD: CNNVD-202210-1463 // NVD: CVE-2022-20954

SOURCES

db: VULHUB, id: VHN-405507
db: CNNVD, id: CNNVD-202210-1463
db: NVD, id: CVE-2022-20954

LAST UPDATE DATE

2024-08-14T13:21:35.191000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405507, date: 2022-10-31T00:00:00
db: CNNVD, id: CNNVD-202210-1463, date: 2022-11-01T00:00:00
db: NVD, id: CVE-2022-20954, date: 2023-11-07T03:43:23.547

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405507, date: 2022-10-26T00:00:00
db: CNNVD, id: CNNVD-202210-1463, date: 2022-10-19T00:00:00
db: NVD, id: CVE-2022-20954, date: 2022-10-26T15:15:15.017