CVE-2022-20862 — Vulnetix

CVE-2022-20862 PUBLISHED CVSS 4.300000190734863 MEDIUM

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system.

EPSS 0.05% · 16.3th percentile

Risk Scores

CVSS 3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.05%

16.3th percentile

Affected Products

Vendor	Product	Versions
cisco	unified_communications_manager	0, 0, 14.0
Cisco	Cisco Unified Communications Manager	*

Exploit Intelligence

20220706 Cisco Unified Communications Manager Arbitrary File Read Vulnerability (circl)

Timeline

Jul 6, 2022 CVE Published
Jul 7, 2022 EPSS Score
Aug 24, 2022 EPSS Score
Oct 11, 2022 EPSS Score
Nov 27, 2022 EPSS Score
Jan 13, 2023 EPSS Score
Mar 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 18, 2023 EPSS Score
Jun 4, 2023 EPSS Score
Jul 21, 2023 EPSS Score
Sep 7, 2023 EPSS Score

References

20220706 Cisco Unified Communications Manager Arbitrary File Read Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-20862 advisory

Open in Interactive Console →