CVE-2022-20793

Опубликовано: 15 нояб. 2024

Источник: nvd

CVSS3: 6.8

EPSS Низкий

Описание

A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability.

Ссылки

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.7:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.13:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.19:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.17:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.18:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.19:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.22:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:cisco:roomos:-:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00109

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-325

Связанные уязвимости

GHSA-w4wv-5x8m-w2cf

CVSS3: 6.8

github

около 1 года назад

A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability.

BDU:2023-00802

CVSS3: 6.8

fstec

больше 3 лет назад

Уязвимость программного обеспечения Cisco TelePresence CE и RoomOS для устройств Cisco Touch 10 связана с отсутствием обязательного криптографического шага

EPSS

Процентиль: 30%

0.00109

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-325