CVE-2022-20752
Cisco Unified Communications Products Timing Attack Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.
CVSS Scores
SSVC
- Decision: Attend
Timeline
- 2021-11-02 CVE Reserved
- 2022-07-06 CVE Published
- 2024-01-27 EPSS Updated
- 2024-11-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-203: Observable Discrepancy
- CWE-208: Observable Timing Discrepancy
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | Unified Communications Manager | >= 12.5(1) < 12.5(1)su6 | - | Affected |
Cisco | Unified Communications Manager | >= 12.5(1) < 12.5(1)su6 | session_management | Affected |
Cisco | Unified Communications Manager | >= 14.0 < 14su1 | - | Affected |
Cisco | Unified Communications Manager | >= 14.0 < 14su1 | session_management | Affected |
Cisco | Unity Connection | >= 12.5(1) < 12.5(1)su6 | - | Affected |
Cisco | Unity Connection | >= 14.0 < 14su1 | - | Affected |