Vulnerability Description
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Communications Manager | >= 14.0, < 14su2 |
| Cisco | Unified Communications Manager Im And Presence Service | >= 14.0, < 14.0su2 |
| Cisco | Unity Connection | >= 14.0, < 14su2 |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uVendor Advisory
FAQ
What is CVE-2022-20859?
CVE-2022-20859 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco...
How severe is CVE-2022-20859?
CVE-2022-20859 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-20859?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Manager, Cisco Unified Communications Manager Im And Presence Service, Cisco Unity Connection.