V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2022-20931
CVE
Medium

A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticate…

CVSS
6.5
Medium
EPSS
0.00
p18
Published
2022-01-01
Updated
2022-01-01
Description

A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could exploit this vulnerability by installing an older version of Cisco TelePresence CE Software on an affected device. A successful exploit could allow the attacker to take advantage of vulnerabilities in older versions of the software.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Tags · CWE
CWE-527
Affected products
Telepresence_collaboration_endpoint < 10.15.2.2
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Timeline
2022-01-01
Published
2022-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: A
Adjacent Network (A)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: H
High (H)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.003 · p18
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Cisco
Telepresence Collaboration Endpoint
ProductVendorStatus
telepresence_collaboration_endpoint*Tracked
Source databases
CVE
Related vulnerabilities
BDU:2023-02991