SB2022100623 - Downgrade vulnerability in Cisco TelePresence CE Software for Cisco Touch 10 Devices
Published: October 6, 2022
Description
This security bulletin contains information about 1 vulnerability.
1) Exposure of Version-Control Repository to an Unauthorized Control Sphere (CVE-ID: CVE-2022-20931)
CWE-ID: CWE-527 - Exposure of Version-Control Repository to an Unauthorized Control Sphere
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient version control. A remote attacker on the local network can install an older version of the software on the target device and then take advantage of vulnerabilities present in that older version.
Remediation
Install the update from the vendor's website.