Unauthenticated Attacker could Impersonate Legitimate Device and Pair with Affected Device

CVE-2022-20793

6.8 MEDIUM

Key Information

Vendor
Cisco
Status
Cisco Roomos Software
Cisco Telepresence Endpoint Software (tc/ce)
CVE Published:
15 November 2024

Summary

A vulnerability in the pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device. There are no workarounds that address this vulnerability.

Affected Version(s)

Cisco RoomOS Software =

Cisco TelePresence Endpoint Software (TC/CE) = CE9.10.2

Cisco TelePresence Endpoint Software (TC/CE) = CE9.1.4

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database