CVE-2022-20791

CWE-36CWE-22Path Traversal4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.5%
top 33.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Unified Communications Manager IM AND Presence ServiceCisco Unified Communications ManagerCisco Cisco Unified Communications Manager
Timeline
PublishedJul 6
Latest updateJul 7

Description

A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vuln

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDcisco/unified_communications_manager12.512.5\(1.10000.22\)+2

🔴Vulnerability Details

2
GHSA
GHSA-q64f-4f9p-qmph: A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Man2022-07-07
CVEList
Cisco Unified Communications Products Arbitrary File Read Vulnerability2022-07-06

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Products Arbitrary File Read Vulnerability2022-07-06
CVE-2022-20791 (MEDIUM CVSS 6.5) | A vulnerability in the database use | cvebase.io