1. Home
  2. CVE Database
  3. CVE-2022-20931
MEDIUM · 6.5

CVE-2022-20931

A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the softw...

Vulnerability Description

A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could exploit this vulnerability by installing an older version of Cisco TelePresence CE Software on an affected device. A successful exploit could allow the attacker to take advantage of vulnerabilities in older versions of the software.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
CiscoTelepresence Collaboration Endpoint< 10.15.2.2

Related Weaknesses (CWE)

CWE-527

References

FAQ

What is CVE-2022-20931?

CVE-2022-20931 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the version control of Cisco&nbsp;TelePresence CE Software for Cisco&nbsp;Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the softw...

How severe is CVE-2022-20931?

CVE-2022-20931 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-20931?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Telepresence Collaboration Endpoint.