CVE-2022-20793
MEDIUM EPSS 33.6%
Published Nov 15, 20241y ago · Modified Jun 17, 20262w ago
6.8 CVSS 3.1
Published Nov 15, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability None
Threat Intelligence
EPSS Exploit Probability
33.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-325
Affected Products 42
| Vendor | Product | Version | Range |
|---|---|---|---|
| cisco | telepresence_collaboration_endpoint | 9.0.1 | any |
| cisco | telepresence_collaboration_endpoint | 9.1.1 | any |
| cisco | telepresence_collaboration_endpoint | 9.1.2 | any |
| cisco | telepresence_collaboration_endpoint | 9.1.3 | any |
| cisco | telepresence_collaboration_endpoint | 9.1.4 | any |
| cisco | telepresence_collaboration_endpoint | 9.1.5 | any |
| cisco | telepresence_collaboration_endpoint | 9.1.6 | any |
| cisco | telepresence_collaboration_endpoint | 9.2.1 | any |
| cisco | telepresence_collaboration_endpoint | 9.2.2 | any |
| cisco | telepresence_collaboration_endpoint | 9.2.3 | any |
| cisco | telepresence_collaboration_endpoint | 9.2.4 | any |
| cisco | telepresence_collaboration_endpoint | 9.9.3 | any |
| cisco | telepresence_collaboration_endpoint | 9.9.4 | any |
| cisco | telepresence_collaboration_endpoint | 9.10.1 | any |
| cisco | telepresence_collaboration_endpoint | 9.10.2 | any |
| cisco | telepresence_collaboration_endpoint | 9.10.3 | any |
| cisco | telepresence_collaboration_endpoint | 9.12.3 | any |
| cisco | telepresence_collaboration_endpoint | 9.12.4 | any |
| cisco | telepresence_collaboration_endpoint | 9.12.5 | any |
| cisco | telepresence_collaboration_endpoint | 9.13.0 | any |
| cisco | telepresence_collaboration_endpoint | 9.13.1 | any |
| cisco | telepresence_collaboration_endpoint | 9.13.2 | any |
| cisco | telepresence_collaboration_endpoint | 9.13.3 | any |
| cisco | telepresence_collaboration_endpoint | 9.14.3 | any |
| cisco | telepresence_collaboration_endpoint | 9.14.4 | any |
| cisco | telepresence_collaboration_endpoint | 9.14.5 | any |
| cisco | telepresence_collaboration_endpoint | 9.14.6 | any |
| cisco | telepresence_collaboration_endpoint | 9.14.7 | any |
| cisco | telepresence_collaboration_endpoint | 9.15.0.10 | any |
| cisco | telepresence_collaboration_endpoint | 9.15.0.11 | any |
| cisco | telepresence_collaboration_endpoint | 9.15.0.13 | any |
| cisco | telepresence_collaboration_endpoint | 9.15.0.19 | any |
| cisco | telepresence_collaboration_endpoint | 9.15.3.17 | any |
| cisco | telepresence_collaboration_endpoint | 9.15.3.18 | any |
| cisco | telepresence_collaboration_endpoint | 9.15.3.19 | any |
| cisco | telepresence_collaboration_endpoint | 9.15.3.22 | any |
| cisco | telepresence_collaboration_endpoint | 9.15.3.25 | any |
| cisco | telepresence_collaboration_endpoint | 9.15.3.26 | any |
| cisco | telepresence_collaboration_endpoint | 9.15.8.12 | any |
| cisco | telepresence_collaboration_endpoint | 9.15.10.8 | any |
| cisco | telepresence_collaboration_endpoint | 9.15.13.0 | any |
| cisco | roomos | * | any |
References 1
- sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.