CVE-2022-20752

CWE-208, CWE-203 | 4 documents | 4 sources
Severity: 5.3 MEDIUM
EPSS: 0.4% (top 41.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 6 | Latest update Jul 7

Description

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to det

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (3 packages)

NVD | cisco/unified_communications_manager | 12.5\(1\) | 12.5\(1\)su6 | +1
NVD | cisco/unity_connection | 12.5\(1\) | 12.5\(1\)su6 | +1

🔴 Vulnerability Details (2)

GHSA | GHSA-mxrp-hmp4-qwv2: A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME) | 2022-07-07
CVEList | Cisco Unified Communications Products Timing Attack Vulnerability | 2022-07-06

📋 Vendor Advisories (1)

Cisco | Cisco Unified Communications Products Timing Attack Vulnerability | 2022-07-06