July 11, 2022
Severity
Medium
Analysis Summary
CVE-2022-20752 (CVSS: 5.3)
Cisco Unified Communications products could allow a remote attacker to obtain sensitive information because a system password is not adequately protected. By observing the time the system takes to respond to various queries, an attacker could exploit this vulnerability to obtain sensitive system password information and use it to launch further attacks against the affected system.
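The mechanism behind this class of weakness is a secret comparison whose running time depends on how many leading bytes of the guess are correct. The example below is added here for illustration and is not Cisco's code or taken from the Cisco advisory; the secret value, the parameter names and the counting model are constructed assumptions. It contrasts an early-exit comparison with a constant-time one, reports how much work each performs as the matching prefix grows, and shows the hash-then-`compare_digest` form that also avoids leaking the secret's length.

```python
import hashlib
import hmac

# Constructed sample secret for the demonstration; a real deployment stores a
# salted hash, never the plaintext.
SECRET = b"S3cretPassw0rd"


def naive_equals(candidate: bytes, secret: bytes) -> tuple:
    """Early-exit comparison of the kind that leaks timing information.

    Returns (matched, bytes_examined). The loop stops at the first mismatching
    byte, so the work done (and hence the response time) grows with the length
    of the correct prefix the candidate shares with the secret.
    """
    examined = 0
    if len(candidate) != len(secret):
        return False, examined
    for a, b in zip(candidate, secret):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_equals(candidate: bytes, secret: bytes) -> tuple:
    """Comparison whose work does not depend on where the first mismatch is.

    Every byte is folded into `diff` with XOR/OR and there is no early exit,
    so bytes_examined is always len(secret) for equal-length inputs.
    """
    examined = 0
    if len(candidate) != len(secret):
        return False, examined
    diff = 0
    for a, b in zip(candidate, secret):
        examined += 1
        diff |= a ^ b
    return diff == 0, examined


def comparison_counts(compare, secret: bytes) -> list:
    """Bytes examined for candidates that match the first k bytes of `secret`
    and differ at byte k, for k = 0 .. len(secret)-1.

    A list that climbs with k shows the comparison leaks prefix length; a flat
    list shows it does not.
    """
    counts = []
    for k in range(len(secret)):
        # Flip byte k so the candidate is guaranteed to differ exactly there.
        candidate = secret[:k] + bytes([secret[k] ^ 0xFF]) + secret[k + 1:]
        counts.append(compare(candidate, secret)[1])
    return counts


def check_password(candidate: bytes, secret: bytes) -> bool:
    """Recommended form: hash both sides to a fixed length, then compare with
    hmac.compare_digest. The length check in the functions above still leaks
    the secret's length; hashing first removes that signal as well.
    """
    return hmac.compare_digest(
        hashlib.sha256(candidate).digest(),
        hashlib.sha256(secret).digest(),
    )


if __name__ == "__main__":
    print("naive   :", comparison_counts(naive_equals, SECRET))
    print("constant:", comparison_counts(constant_time_equals, SECRET))
    print("check_password(correct):", check_password(SECRET, SECRET))
    print("check_password(wrong)  :", check_password(b"guess", SECRET))
```

The counts stand in for elapsed time: the naive comparator's work climbs one byte per correctly guessed prefix byte, which is exactly the signal a remote observer measures across many queries, while the constant-time comparator does the same amount of work regardless of the guess. In application code, `hmac.compare_digest` over fixed-length digests is the form to use wherever a password, token or MAC is checked.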
CVE-2022-20815 (CVSS: 6.1)
Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. By persuading a user of the interface to click a crafted link, a remote attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
CVE-2022-20800 (CVSS: 6.1)
Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. By persuading a user of the interface to click a crafted link, an attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
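Both XSS entries above describe the same defect: a value taken from a crafted link is reflected into the management page without being validated or encoded. The example below is added here for illustration and is not Cisco's code or taken from the Cisco advisory; the URLs, the `q` parameter and the page layout are constructed assumptions. It pulls the parameter from the link, renders it both verbatim and entity-encoded into a text context and an attribute context, then parses the result the way a browser would to show which version lets the value escape its context.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed crafted links of the kind the advisory describes (a user is lured
# into clicking them). The host, the "q" parameter and the page layout are
# assumptions made for this example.
LINK_TEXT_CONTEXT = "https://ucm.example.invalid/search?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"
LINK_ATTR_CONTEXT = "https://ucm.example.invalid/search?q=%22%20autofocus%20onfocus%3D%22alert(1)"


def query_param(url: str, name: str) -> str:
    """Extract one query-string parameter from a URL (first value, or '')."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_unsafe(term: str) -> str:
    """Reflects the parameter into the page verbatim: the defect pattern."""
    return (f'<p>Results for: {term}</p>\n'
            f'<input type="text" name="q" value="{term}">')


def render_safe(term: str) -> str:
    """Same page with the value HTML-entity-encoded for both the text and the
    attribute context. quote=True (the default) is what protects the
    attribute case by encoding the double quote."""
    safe = html.escape(term, quote=True)
    return (f'<p>Results for: {safe}</p>\n'
            f'<input type="text" name="q" value="{safe}">')


class _TagCollector(HTMLParser):
    """Records every start tag and attribute name the parser sees, so the
    markup the reflected value produced can be inspected."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.attr_names = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attr_names.extend(name for name, _ in attrs)


def markup_summary(fragment: str) -> tuple:
    """Return (tag names, attribute names) found in an HTML fragment."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags, collector.attr_names


def injected_handlers(fragment: str) -> list:
    """Event-handler attributes (on*) present in the fragment; any entry means
    the reflected value escaped its intended context."""
    _, attr_names = markup_summary(fragment)
    return [a for a in attr_names if a.startswith("on")]


if __name__ == "__main__":
    for link in (LINK_TEXT_CONTEXT, LINK_ATTR_CONTEXT):
        term = query_param(link, "q")
        print("unsafe handlers:", injected_handlers(render_unsafe(term)))
        print("safe   handlers:", injected_handlers(render_safe(term)))
```

The first link injects a new element into the text context; the second closes the `value` attribute early and adds its own attributes. Entity-encoding the value at the point it is written into HTML neutralises both, and the same check (no unexpected tags, no `on*` attributes after parsing) is a useful assertion to keep in a web interface's test suite.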
CVE-2022-20859 (CVSS: 6.5)
Cisco Unified Communications products could allow a remote authenticated attacker to bypass security restrictions because of improper access control. By sending a specially crafted command, an attacker could exploit this vulnerability to perform a set of administrative actions.
Impact
- Information Disclosure
- Cross-Site Scripting
- Security Bypass
Indicators of Compromise
CVE
- CVE-2022-20752
- CVE-2022-20815
- CVE-2022-20800
- CVE-2022-20859
Affected Vendors
Cisco
Affected Products
- Cisco Unified Communications Manager
- Cisco Unified Communications Manager Session Management Edition
- Cisco Unity Connection
- Cisco Unified Communications Manager Session Management Edition (SME) 11.5
- Cisco Unified Communications Manager 12.5(1)
- Cisco Unity Connection 12.5(1)
- Cisco Unified Communications Manager Session Management Edition (SME) 12.5(1)
Remediation
Refer to the Cisco Security Advisories for patch, upgrade, or suggested workaround information.
CVE-2022-20752
CVE-2022-20815
CVE-2022-20800
CVE-2022-20859