First published: Thu Apr 21 2022
A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted H.323 traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to either reboot normally or reboot into maintenance mode, which could result in a DoS condition on the device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco TelePresence Collaboration Endpoint | <9.15.10.8 | |
Cisco TelePresence Collaboration Endpoint | >=10.0.0.0, <10.11.2.2 | |
Cisco RoomOS | <2022 | |
CVE-2022-20783 is a vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software.
The severity of CVE-2022-20783 is high with a CVSS score of 7.5.
CVE-2022-20783 affects Cisco TelePresence Collaboration Endpoint Software versions earlier than 9.15.10.8, and versions from 10.0.0.0 up to but not including 10.11.2.2, allowing an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
CVE-2022-20783 affects Cisco RoomOS Software versions earlier than 2022, allowing an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
To fix CVE-2022-20783, Cisco recommends upgrading to a fixed software version as outlined in the Cisco Security Advisory.