Cisco Unified Communications Products Timing Attack Vulnerability
CVE-2022-20752

5.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Unified Communications Manager
Vendor: CVE Published:; 6 July 2022

Badges

👾 Exploit Exists

What is CVE-2022-20752?

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.

Affected Version(s)

Cisco Unified Communications Manager

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Jul 6, 2022
Vulnerability Reserved
Nov 2, 2021