Main Vulnerability Database Vulnerabilities #VU67959

#VU67959 Exposure of Version-Control Repository to an Unauthorized Control Sphere in Cisco TelePresence Collaboration Endpoint (CE) - CVE-2022-20931

Published: October 6, 2022

Vulnerability identifier: #VU67959

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-20931

CWE-ID: CWE-527

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Cisco TelePresence Collaboration Endpoint (CE)

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient version control. A remote attacker on the local network can install an older version of the software on the target device and take advantage of vulnerabilities in older versions of the software.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-DAV-HSvEHHEt

#VU67959 Exposure of Version-Control Repository to an Unauthorized Control Sphere in Cisco TelePresence Collaboration Endpoint (CE) - CVE-2022-20931

Description

Remediation

External links

Please verify you're human