Vulnerabilities > CVE-2022-20859 - Unspecified vulnerability in Cisco products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cisco

NVD

Published: 2022-07-06

Updated: 2023-11-07

Summary

A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Unified Communications Manager IM AND Presence Service 14.0 Cisco Unified Communications Manager IM AND Presence Service 14.0\(1\) Cisco Unified Communications Manager IM AND Presence Service 14.0Su1 Cisco Unified Communications Manager 14.0 Cisco Unified Communications Manager 14.0\(1.10000.20\) Cisco Unified Communications Manager 14Su1 Cisco Unity Connection 14.0 Cisco Unity Connection 14Su1	13

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY