logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2022-20752

Description

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.


Affected Software


CPE Name Name Version
cisco:unified_communications_manager cisco unified communications manager 14su1
cisco:unified_communications_manager cisco unified communications manager 12.5\(1\)su6
cisco:unified_communications_manager cisco unified communications manager 14su1
cisco:unified_communications_manager cisco unified communications manager 12.5\(1\)su6
cisco:unity_connection cisco unity connection 14su1
cisco:unity_connection cisco unity connection 12.5\(1\)su6

Related