CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-20859

A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.6%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 9.0

References

Products affected by CVE-2022-20859

Cisco » Unified Communications Manager » Version: 14.0

cpe:2.3:a:cisco:unified_communications_manager:14.0
Cisco » Unified Communications Manager » Version: 14.0(1.10000.20)

cpe:2.3:a:cisco:unified_communications_manager:14.0(1.10000.20)
Cisco » Unified Communications Manager » Version: 14.0su1

cpe:2.3:a:cisco:unified_communications_manager:14.0su1
Cisco » Unified Communications Manager » Version: 14.0su2

cpe:2.3:a:cisco:unified_communications_manager:14.0su2
Cisco » Unified Communications Manager » Version: 14.0su2a

cpe:2.3:a:cisco:unified_communications_manager:14.0su2a
Cisco » Unified Communications Manager » Version: 14.0su3

cpe:2.3:a:cisco:unified_communications_manager:14.0su3
Cisco » Unified Communications Manager » Version: 14.0su4

cpe:2.3:a:cisco:unified_communications_manager:14.0su4
Cisco » Unified Communications Manager » Version: 14.0su4a

cpe:2.3:a:cisco:unified_communications_manager:14.0su4a
Cisco » Unified Communications Manager » Version: 14su1

cpe:2.3:a:cisco:unified_communications_manager:14su1
Cisco » Unified Communications Manager Im And Presence Service » Version: 14.0

cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0
Cisco » Unified Communications Manager Im And Presence Service » Version: 14.0(1)

cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0(1)
Cisco » Unified Communications Manager Im And Presence Service » Version: 14.0su1

cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1
Cisco » Unity Connection » Version: 14.0

cpe:2.3:a:cisco:unity_connection:14.0
Cisco » Unity Connection » Version: 14su1

cpe:2.3:a:cisco:unity_connection:14su1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-20859

Products

Pricing

Contact Us