CVE-2022-20793

15.11.2024, 16:15

A vulnerability in pairing process of Cisco&nbsp;TelePresence CE Software and RoomOS Software for Cisco&nbsp;Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device.
This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
cisco	CNA	6.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 38%

Vendor	Product	Version
cisco	telepresence_collaboration_endpoint	9.0.1
cisco	telepresence_collaboration_endpoint	9.1.1
cisco	telepresence_collaboration_endpoint	9.1.2
cisco	telepresence_collaboration_endpoint	9.1.3
cisco	telepresence_collaboration_endpoint	9.1.4
cisco	telepresence_collaboration_endpoint	9.1.5
cisco	telepresence_collaboration_endpoint	9.1.6
cisco	telepresence_collaboration_endpoint	9.2.1
cisco	telepresence_collaboration_endpoint	9.2.2
cisco	telepresence_collaboration_endpoint	9.2.3
cisco	telepresence_collaboration_endpoint	9.2.4
cisco	telepresence_collaboration_endpoint	9.9.3
cisco	telepresence_collaboration_endpoint	9.9.4
cisco	telepresence_collaboration_endpoint	9.10.1
cisco	telepresence_collaboration_endpoint	9.10.2
cisco	telepresence_collaboration_endpoint	9.10.3
cisco	telepresence_collaboration_endpoint	9.12.3
cisco	telepresence_collaboration_endpoint	9.12.4
cisco	telepresence_collaboration_endpoint	9.12.5
cisco	telepresence_collaboration_endpoint	9.13.0
cisco	telepresence_collaboration_endpoint	9.13.1
cisco	telepresence_collaboration_endpoint	9.13.2
cisco	telepresence_collaboration_endpoint	9.13.3
cisco	telepresence_collaboration_endpoint	9.14.3
cisco	telepresence_collaboration_endpoint	9.14.4
cisco	telepresence_collaboration_endpoint	9.14.5
cisco	telepresence_collaboration_endpoint	9.14.6
cisco	telepresence_collaboration_endpoint	9.14.7
cisco	telepresence_collaboration_endpoint	9.15.0.10
cisco	telepresence_collaboration_endpoint	9.15.0.11
cisco	telepresence_collaboration_endpoint	9.15.0.13
cisco	telepresence_collaboration_endpoint	9.15.0.19
cisco	telepresence_collaboration_endpoint	9.15.3.17
cisco	telepresence_collaboration_endpoint	9.15.3.18
cisco	telepresence_collaboration_endpoint	9.15.3.19
cisco	telepresence_collaboration_endpoint	9.15.3.22
cisco	telepresence_collaboration_endpoint	9.15.3.25
cisco	telepresence_collaboration_endpoint	9.15.3.26
cisco	telepresence_collaboration_endpoint	9.15.8.12
cisco	telepresence_collaboration_endpoint	9.15.10.8
cisco	telepresence_collaboration_endpoint	9.15.13.0
cisco	roomos	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-325 - Missing Cryptographic Step
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj