CVE-2022-20859

CWE-284Improper Access ControlCWE-863Incorrect Authorization4 documents4 sources
Severity
8.8HIGH
EPSS
1.6%
top 18.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Unified Communications ManagerCisco Unified Communications Manager IM AND Presence ServiceCisco Unity Connection+1 more
Timeline
PublishedJul 6
Latest updateJul 7

Description

A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDcisco/unity_connection14.014su2

🔴Vulnerability Details

2
GHSA
GHSA-vjcc-9q9g-593v: A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Pre2022-07-07
CVEList
Cisco Unified Communications Products Access Control Vulnerability2022-07-06

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Products Access Control Vulnerability2022-07-06
CVE-2022-20859 (HIGH CVSS 8.8) | A vulnerability in the Disaster Rec | cvebase.io