CVE-2022-20794

Description

Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory.

Related CPE's

aciscotelepresence_collaboration_endpoint********

aciscotelepresence_collaboration_endpoint********

ociscoroomos********

References

20220504 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities

Vendor Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

AttackVector

NETWORK

AttackComplexity

LOW

PrivilegesRequired

NONE

UserInteraction

REQUIRED

Scope

CHANGED

ConfidentialityImpact

NONE

IntegrityImpact

LOW

AvailabilityImpact

NONE

BaseScore

4.7

BaseSeverity

MEDIUM

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

4.3

Created by Yello
About Severity.io