VDB

CVE-2022-20816

CVE-2022-20816 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This vulnerability exists because the affected software does not properly validate HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system.

EPSS 0.71% · 72.7th percentile

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.71%
72.7th percentile

Affected Products

VendorProductVersions
ciscounified_communications_manager11.5\(1\), *
CiscoCisco Unified Communications Manager*

Exploit Intelligence

Timeline

  • Aug 10, 2022 CVE Published
  • Aug 11, 2022 EPSS Score
  • Sep 26, 2022 EPSS Score
  • Nov 11, 2022 EPSS Score
  • Dec 27, 2022 EPSS Score
  • Feb 12, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 30, 2023 EPSS Score
  • May 15, 2023 EPSS Score
  • Jun 30, 2023 EPSS Score
  • Aug 15, 2023 EPSS Score
  • Sep 30, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›