
=====================================================================

                               CERT-Renater

                    Information Note No. 2022/VULN242

_____________________________________________________________________

DATE                : 08/07/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Expressway Series,
                      Cisco TelePresence Video Communication Server,
                      Cisco Unified Communications Products,
                      Cisco TelePresence Collaboration Endpoint and
                      RoomOS Software,
                      Cisco Unified Communications Manager.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-privesc-tP6uNZOS
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-qgjhEc3A
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2022-July-06.

The following PSIRT security advisories (1 Critical, 1 High,
7 Medium) were published at 16:00 UTC today.


Table of Contents:

1) Cisco Expressway Series and Cisco TelePresence Video Communication
     Server Vulnerabilities - SIR: Critical

2) Cisco Smart Software Manager On-Prem Denial of Service
     Vulnerability - SIR: High

3) Cisco Unified Communications Products Access Control
     Vulnerability - SIR: Medium

4) Cisco Unified Communications Products Arbitrary File Read
     Vulnerability - SIR: Medium

5) Cisco Unified Communications Products Cross-Site Scripting
      Vulnerability - SIR: Medium

6) Cisco Unified Communications Products Cross-Site Scripting
      Vulnerability - SIR: Medium

7) Cisco Unified Communications Products Timing Attack
      Vulnerability - SIR: Medium

8) Cisco TelePresence Collaboration Endpoint and RoomOS
      Software Information Disclosure Vulnerability - SIR: Medium

9) Cisco Unified Communications Manager Arbitrary File Read
      Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Expressway Series and Cisco TelePresence Video Communication
    Server Vulnerabilities

CVE-2022-20812, CVE-2022-20813

SIR: Critical

CVSS Score v(3.1): 9.0

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH 

+--------------------------------------------------------------------

2) Cisco Smart Software Manager On-Prem Denial of Service
     Vulnerability

CVE-2022-20808

SIR: High

CVSS Score v(3.1): 7.7

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-privesc-tP6uNZOS 

+--------------------------------------------------------------------

3) Cisco Unified Communications Products Access Control
     Vulnerability

CVE-2022-20859

SIR: Medium

CVSS Score v(3.1): 6.5

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY 

+--------------------------------------------------------------------

4) Cisco Unified Communications Products Arbitrary File Read
     Vulnerability

CVE-2022-20791

SIR: Medium

CVSS Score v(3.1): 6.5

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd 

+--------------------------------------------------------------------

5) Cisco Unified Communications Products Cross-Site Scripting
     Vulnerability

CVE-2022-20815

SIR: Medium

CVSS Score v(3.1): 6.1

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA 

+--------------------------------------------------------------------

6) Cisco Unified Communications Products Cross-Site Scripting
     Vulnerability

CVE-2022-20800

SIR: Medium

CVSS Score v(3.1): 6.1

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA 

+--------------------------------------------------------------------

7) Cisco Unified Communications Products Timing Attack
      Vulnerability

CVE-2022-20752

SIR: Medium

CVSS Score v(3.1): 5.3

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK 

+--------------------------------------------------------------------

8) Cisco TelePresence Collaboration Endpoint and RoomOS
      Software Information Disclosure Vulnerability

CVE-2022-20768

SIR: Medium

CVSS Score v(3.1): 4.9

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7 

+--------------------------------------------------------------------

9) Cisco Unified Communications Manager Arbitrary File Read
     Vulnerability

CVE-2022-20862

SIR: Medium

CVSS Score v(3.1): 4.3

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-qgjhEc3A 


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


