A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Jul 2022, 14:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:* cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:* cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK - Vendor Advisory | |
First Time |
Cisco unity Connection
Cisco Cisco unified Communications Manager |
|
CWE | CWE-203 |
06 Jul 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-06 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-20752
Mitre link : CVE-2022-20752
CVE.ORG link : CVE-2022-20752
JSON object : View
Products Affected
cisco
- unity_connection
- unified_communications_manager