CVE-2022-20816

CWE-22Path Traversal4 documents4 sources
Severity
8.1HIGH
EPSS
0.7%
top 27.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Communications ManagerCisco Cisco Unified Communications Manager
Timeline
PublishedAug 10
Latest updateAug 11

Description

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This vulnerability exists because the affected software does not properly validate HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A succes

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/unified_communications_manager11.5\(1\)14su2

🔴Vulnerability Details

2
GHSA
GHSA-6pf9-83g8-xqr2: A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Se2022-08-11
CVEList
Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability2022-08-10

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability2022-08-03
CVE-2022-20816 (HIGH CVSS 8.1) | A vulnerability in the web-based ma | cvebase.io