CVE-2022-20776

CWE-200Information ExposureCWE-22Path TraversalCWE-23CWE-614 documents4 sources
Severity
6.7MEDIUM
EPSS
0.3%
top 47.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco RoomosCisco Telepresence Collaboration EndpointCisco Cisco Roomos Software
Timeline
PublishedOct 26

Description

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:NExploitability: 1.2 | Impact: 4.2

Affected Packages3 packages

NVDcisco/roomos< 10.20.1

🔴Vulnerability Details

2
CVEList
Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities2022-10-26
GHSA
GHSA-fq3r-v7q7-f72f: Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path2022-10-26

📋Vendor Advisories

1
Cisco
Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities2022-10-19
CVE-2022-20776 (MEDIUM CVSS 6.7) | Multiple vulnerabilities in Cisco T | cvebase.io