CVE-2022-20859 MEDIUM

CVE-2022-20859: Cisco Unified Communications Products Access Control Vulnerability

Vendor Cisco

Product Cisco Unified Communications Manager

Weakness CWE-284

Published July 6, 2022

Last update November 6, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.

Key dates

02Disclosure timeline

July 6, 2022 CVE published

November 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-20859

Related vulnerabilities

Identifiers

CVE CVE-2022-20859

CWE CWE-284

CVSS 6.5 / MEDIUM

Affected versions