VDB
CVE-2022-20931
CVE-2022-20931
PUBLISHED
CVSS 6.5 MEDIUM
A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could exploit this vulnerability by installing an older version of Cisco TelePresence CE Software on an affected device. A successful exploit could allow the attacker to take advantage of vulnerabilities in older versions of the software.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
EPSS 0.08% · 24.1th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.08%
24.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | telepresence_collaboration_endpoint | 0 |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.1.4, CE9.9.3, CE9.2.4 |
Exploit Intelligence
- CIRCL seen: CVE-2022-20931 (circl-sighting)
- cisco-sa-CTT-DAV-HSvEHHEt (circl)
- app.js (github-poc)
- app.js (github-poc)
- app.js (github-poc)
- app.js (github-poc)
Timeline
- Nov 15, 2024 CVE Published
- Nov 15, 2024 CVE Updated
- Nov 15, 2024 PoC Published
- Nov 16, 2024 EPSS Score
- Dec 5, 2024 EPSS Score
- Dec 22, 2024 EPSS Score
- Jan 9, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 13, 2025 EPSS Score
- Mar 3, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Apr 7, 2025 EPSS Score