First published: Wed May 04 2022
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco TelePresence Collaboration Endpoint | <10.8.2.5 | |
Cisco RoomOS | <2021-05 | |
The vulnerabilities in Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could result in a denial of service (DoS) condition, exposure of sensitive data, or redirection of users to an attacker-controlled destination.
A remote attacker can exploit CVE-2022-20764 to cause a denial of service (DoS) condition, view sensitive data, or redirect users to an attacker-controlled destination.
CVE-2022-20764 has a severity rating of 8.1 (high).
CVE-2022-20764 affects Cisco TelePresence Collaboration Endpoint Software versions earlier than 10.8.2.5 and Cisco RoomOS Software versions earlier than 2021-05.
To mitigate the vulnerabilities, update to the latest patched versions of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software.