ID

VAR-202210-1812


CVE

CVE-2022-20955


TITLE

Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Path traversal vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-1460

DESCRIPTION

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Trust: 0.99

sources: NVD: CVE-2022-20955 // VULHUB: VHN-405508

AFFECTED PRODUCTS

vendor: cisco, model: telepresence collaboration endpoint, scope: lt, version: 10.19.1

Trust: 1.0

vendor: cisco, model: roomos, scope: eq, version: -

Trust: 1.0

sources: NVD: CVE-2022-20955

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20955
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20955
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202210-1460
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-20955
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20955
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 4.2
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202210-1460 // NVD: CVE-2022-20955 // NVD: CVE-2022-20955

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: CWE-200

Trust: 1.0

sources: VULHUB: VHN-405508 // NVD: CVE-2022-20955

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1460

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202210-1460

PATCH

title: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Repair measures for path traversal vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=212463

Trust: 0.6

sources: CNNVD: CNNVD-202210-1460

EXTERNAL IDS

db: NVD, id: CVE-2022-20955

Trust: 1.7

db: CNNVD, id: CNNVD-202210-1460

Trust: 0.6

db: VULHUB, id: VHN-405508

Trust: 0.1

sources: VULHUB: VHN-405508 // CNNVD: CNNVD-202210-1460 // NVD: CVE-2022-20955

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-roomos-trav-befvccyu

Trust: 2.3

url: https://cxsecurity.com/cveshow/cve-2022-20955/

Trust: 0.6

sources: VULHUB: VHN-405508 // CNNVD: CNNVD-202210-1460 // NVD: CVE-2022-20955

SOURCES

db: VULHUB, id: VHN-405508
db: CNNVD, id: CNNVD-202210-1460
db: NVD, id: CVE-2022-20955

LAST UPDATE DATE

2024-08-14T15:42:11.344000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405508, date: 2022-10-31T00:00:00
db: CNNVD, id: CNNVD-202210-1460, date: 2022-11-01T00:00:00
db: NVD, id: CVE-2022-20955, date: 2023-11-07T03:43:23.720

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405508, date: 2022-10-26T00:00:00
db: CNNVD, id: CNNVD-202210-1460, date: 2022-10-19T00:00:00
db: NVD, id: CVE-2022-20955, date: 2022-10-26T15:15:15.117