CVE-2022-20862Relative Path Traversal in Cisco Unified Communications Manager

CWE-23Relative Path TraversalCWE-22Path Traversal4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 84.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Communications ManagerCisco Unified Communications Manager
Timeline
PublishedJul 6
Latest updateJul 7

Description

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory trav

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-cgh5-p6gg-prp3: A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Se2022-07-07
CVEList
Cisco Unified Communications Manager Arbitrary File Read Vulnerability2022-07-06

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager Arbitrary File Read Vulnerability2022-07-06
CVE-2022-20862 — Relative Path Traversal in Cisco | cvebase