Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-20793

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-15 Nov, 2024 | 15:34
Updated At-15 Nov, 2024 | 21:12
Rejected At-
Credits

Cisco Touch 10 Device Insufficient Identity Verification Vulnerability

A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:15 Nov, 2024 | 15:34
Updated At:15 Nov, 2024 | 21:12
Rejected At:
▼CVE Numbering Authority (CNA)
Cisco Touch 10 Device Insufficient Identity Verification Vulnerability

A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco RoomOS Software
Versions
Affected
  • N/A
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco TelePresence Endpoint Software (TC/CE)
Default Status
unknown
Versions
Affected
  • CE9.10.2
  • CE9.1.4
  • CE9.10.3
  • CE9.1.5
  • CE9.10.1
  • CE9.13.0
  • CE9.1.1
  • CE9.9.4
  • CE9.2.1
  • CE9.1.3
  • CE9.1.6
  • CE9.12.3
  • CE9.13.1
  • CE9.12.4
  • CE9.14.3
  • CE9.14.4
  • CE9.13.2
  • CE9.12.5
  • CE9.14.5
  • CE9.15.0.10
  • CE9.15.0.11
  • CE9.13.3
  • CE9.15.0.13
  • CE9.14.6
  • CE9.15.3.17
  • CE9.14.7
  • CE9.15.0.19
  • CE9.15.3.19
  • CE9.15.3.18
  • CE9.0.1
  • CE9.2.2
  • CE9.1.2
  • CE9.9.3
  • CE9.2.4
  • CE9.2.3
  • CE9.15.3.22
  • CE9.15.8.12
  • CE9.15.10.8
  • CE9.15.3.26
  • CE9.15.3.25
  • CE9.15.13.0
Problem Types
TypeCWE IDDescription
cweCWE-325Missing Required Cryptographic Step
Type: cwe
CWE ID: CWE-325
Description: Missing Required Cryptographic Step
Metrics
VersionBase scoreBase severityVector
3.16.8MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Cisco Systems, Inc.cisco
Product
roomos
CPEs
  • cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Cisco Systems, Inc.cisco
Product
telepresence_tc_software
CPEs
  • cpe:2.3:a:cisco:telepresence_tc_software:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Cisco Systems, Inc.cisco
Product
telepresence_ce_software
CPEs
  • cpe:2.3:a:cisco:telepresence_ce_software:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:15 Nov, 2024 | 16:15
Updated At:30 Jul, 2025 | 17:12

A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.8MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CPE Matches
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.0.1
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.1.1
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.1.2
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.1.3
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.1.4
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.1.5
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.1.6
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.2.1
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.2.2
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.2.3
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.2.4
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.9.3
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.9.4
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.10.1
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.10.2
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.10.3
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.12.3
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.12.4
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.12.5
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.13.0
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.13.1
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.13.2
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.13.3
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.14.3
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.14.4
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.14.5
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.14.6
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.14.7
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.15.0.10
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.15.0.11
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.15.0.13
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.13:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.15.0.19
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.19:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.15.3.17
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.17:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.15.3.18
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.18:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.15.3.19
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.19:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.15.3.22
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.22:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.15.3.25
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.15.3.26
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.15.8.12
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.15.10.8
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_collaboration_endpoint>>9.15.13.0
cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>roomos>>-
cpe:2.3:o:cisco:roomos:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-325Secondarypsirt@cisco.com
CWE ID: CWE-325
Type: Secondary
Source: psirt@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfjpsirt@cisco.com
Vendor Advisory
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj
Source: psirt@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1Records found
CVE-2022-20742
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.13% / 33.52%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 03:16
Updated-06 Nov, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPsec IKEv2 VPN Information Disclosure Vulnerability

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementation of Galois/Counter Mode (GCM) ciphers. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN tunnel and then using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to decrypt, read, modify, and re-encrypt data that is transmitted across an affected IPsec IKEv2 VPN tunnel.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-325
Missing Cryptographic Step
Details not found