Cisco TelePresence CE Software Vulnerability Affects Touch 10 Devices
CVE-2022-20931

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Telepresence Endpoint Software (tc/ce)
Vendor: CVE Published:; 15 November 2024

What is CVE-2022-20931?

A vulnerability in the version control mechanism of Cisco TelePresence CE Software for Touch 10 Devices allows an adjacent, unauthenticated attacker to install an inferior version of the software on vulnerable devices. This flaw arises from insufficient version control practices, enabling an attacker to exploit known vulnerabilities in older software, posing security threats to the affected system. Cisco has provided software updates to mitigate this issue, and there are no known workarounds available.

Affected Version(s)

Cisco TelePresence Endpoint Software (TC/CE) CE9.10.2

Cisco TelePresence Endpoint Software (TC/CE) CE9.1.4

Cisco TelePresence Endpoint Software (TC/CE) CE9.9.3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2024
Vulnerability Reserved
Nov 2, 2021