CVE-2022-20793
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco RoomOS Software | N/A | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.10.2 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.1.4 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.10.3 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.1.5 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.10.1 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.13.0 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.1.1 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.9.4 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.2.1 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.1.3 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.1.6 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.12.3 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.13.1 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.12.4 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.14.3 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.14.4 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.13.2 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.12.5 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.14.5 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.15.0.10 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.15.0.11 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.13.3 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.15.0.13 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.14.6 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.15.3.17 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.14.7 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.15.0.19 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.15.3.19 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.15.3.18 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.0.1 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.2.2 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.1.2 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.9.3 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.2.4 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.2.3 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.15.3.22 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.15.8.12 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.15.10.8 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.15.3.26 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.15.3.25 | affected |
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | CE9.15.13.0 | affected |
Weaknesses
- CWE-325: Missing Required Cryptographic Step
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.