Vulnerability Details : CVE-2022-20791
A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.
Vulnerability category: Directory traversal
Products affected by CVE-2022-20791
- Cisco » Unified Communications Manager » Session Management EditionVersions from including (>=) 14.0 and up to, including, (<=) 14.0\(1.10000.20\)cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
- Cisco » Unified Communications ManagerVersions from including (>=) 12.5 and up to, including, (<=) 12.5\(1.10000.22\)cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
- Cisco » Unified Communications Manager » Session Management EditionVersions up to, including, (<=) 11.5\(1.10000.6\)cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*
- Cisco » Unified Communications ManagerVersions from including (>=) 14.0 and up to, including, (<=) 14.0\(1.10000.20\)cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
- Cisco » Unified Communications Manager » Session Management EditionVersions from including (>=) 12.5 and up to, including, (<=) 12.5\(1.10000.22\)cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*
- Cisco » Unified Communications Manager Im And Presence ServiceVersions up to, including, (<=) 12.5\(1\)cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*
- Cisco » Unified Communications Manager Im And Presence ServiceVersions from including (>=) 14.0 and before (<) 14su2cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-20791
0.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 35 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-20791
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
Cisco Systems, Inc. | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2022-20791
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
-
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2022-20791
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd
Cisco Unified Communications Products Arbitrary File Read VulnerabilityVendor Advisory
Jump to