CVE-2022-20783

CWE-1287 CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGH

EPSS

0.4%

top 38.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Roomos Cisco Telepresence Collaboration Endpoint Cisco Cisco Roomos Software

Timeline

PublishedApr 21

Latest updateApr 22

Description

A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted H.323 traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to eithe…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/telepresence_collaboration_endpoint10.0.0.0 — 10.11.2.2+1

▶CVEListV5cisco/cisco_roomos_softwaren/a

▶NVDcisco/roomos< 2022

🔴Vulnerability Details

GHSA

GHSA-64rj-w9x6-322q: A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allo↗2022-04-22

▶

CVEList

Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability↗2022-04-21

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability↗2022-04-20

▶