CVE-2022-20752 — Vulnetix

CVE-2022-20752 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.

EPSS 0.37% · 58.9th percentile

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.37%

58.9th percentile

Affected Products

Vendor	Product	Versions
cisco	unity_connection	12.5\(1\), 14.0
Cisco	Cisco Unified Communications Manager	*
cisco	unified_communications_manager	12.5\(1\), 12.5\(1\), 14.0

Exploit Intelligence

20220706 Cisco Unified Communications Products Timing Attack Vulnerability (cve.org)

Timeline

Jul 6, 2022 CVE Published
Jul 7, 2022 EPSS Score
Aug 24, 2022 EPSS Score
Oct 11, 2022 EPSS Score
Nov 27, 2022 EPSS Score
Jan 13, 2023 EPSS Score
Mar 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 18, 2023 EPSS Score
Jun 4, 2023 EPSS Score
Jul 21, 2023 EPSS Score
Sep 7, 2023 EPSS Score

References

20220706 Cisco Unified Communications Products Timing Attack Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-20752 advisory

Open in Interactive Console →