Text only | Text with Images

Networking-Forums.com

Professional Discussions => Vendor Advisories => Topic started by: Netwörkheäd on August 18, 2022, 06:43:42 PM

Title: Cisco Security Advisory - Cisco Unified Communications Products Timing Attack Vulnerability
Post by: Netwörkheäd on August 18, 2022, 06:43:42 PM
Cisco Unified Communications Products Timing Attack Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack.


This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.


Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.


This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK



     
         
Security Impact Rating:  Medium
   
   
       
CVE: CVE-2022-20752
Source: Cisco Unified Communications Products Timing Attack Vulnerability (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Products%20Timing%20Attack%20Vulnerability&vs_k=1)
Text only | Text with Images