A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Cisco
  • Unity Connection
  • Unified Communications Manager

Configuration 1 [-]

OR cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*
cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*
References
Link Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2022-07-06T00:00:00

Updated: 2022-07-06T20:30:12

Reserved: 2021-11-02T00:00:00

Link: CVE-2022-20752

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2022-07-06T21:15:11.387

Modified: 2023-11-07T03:42:50.630

Link: CVE-2022-20752

JSON object: View

cve-icon Redhat Information

No data.

CWE