CVE-2022-20931 — Exposure of Version-Control Repository to an Unauthorized Control Sphere in Cisco Telepresence Collaboration Endpoint

CWE-527 — Exposure of Version-Control Repository to an Unauthorized Control Sphere4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 76.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence Collaboration Endpoint Cisco Telepresence Endpoint Software

Timeline

PublishedNov 15

Description

A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could exploit this vulnerability by installing an older version of Cisco TelePresence CE Software on an affected device. A successful exploit could allow the attacker to take advantage of vulnerabilities in older…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_telepresence_endpoint_software41 versions+40

▶NVDcisco/telepresence_collaboration_endpoint< 10.15.2.2

🔴Vulnerability Details

GHSA

GHSA-92gj-2wf7-h87v: A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker↗2024-11-15

▶

CVEList

Cisco Touch 10 Device Downgrade Attack Vulnerability↗2024-11-15

▶

📋Vendor Advisories

Cisco

Cisco Touch 10 Devices Downgrade Vulnerability↗2022-10-05

▶