ByteOS Network

NVD Vulnerability Details :

CVE-2022-20954

Modified

Source-ykramarz@cisco.com

Published At-26 Oct, 2022 | 15:15

Updated At-07 Nov, 2023 | 03:43

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Secondary	3.1	5.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Type: Primary

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

CPE Matches

Cisco Systems, Inc.

>>telepresence_collaboration_endpoint>>Versions before 10.19.1(exclusive)

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>roomos>>-

cpe:2.3:o:cisco:roomos:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	nvd@nist.gov
CWE-200	Secondary	ykramarz@cisco.com

CWE ID: CWE-22

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-200

Type: Secondary

Source: ykramarz@cisco.com

References

Hyperlink	Source	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu	ykramarz@cisco.com	Vendor Advisory

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu

Source: ykramarz@cisco.com

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History