Which Cisco products are affected by the Cisco Unified Communications Products Timing Attack Vulnerability?

The Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection are affected by the Cisco Unified Communications Products Timing Attack Vulnerability.

Vulnerability/
cisco-sa-ucm-timing-JVbHECOK

medium

5.3

CWE

208

6/7/2022

cisco-sa-ucm-timing-JVbHECOK: Cisco Unified Communications Products Timing Attack Vulnerability

Q: What is the Cisco Unified Communications Products Timing Attack Vulnerability?

The Cisco Unified Communications Products Timing Attack Vulnerability is a vulnerability in Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection that allows an unauthenticated, remote attacker to perform a timing attack.

Q: How does the Cisco Unified Communications Products Timing Attack Vulnerability occur?

The Cisco Unified Communications Products Timing Attack Vulnerability occurs due to insufficient protection of sensitive information during cryptographic operations by affected Cisco products.

Q: What is the severity of the Cisco Unified Communications Products Timing Attack Vulnerability?

The severity of the Cisco Unified Communications Products Timing Attack Vulnerability is medium, with a severity value of 5.3.

Q: How can I mitigate the Cisco Unified Communications Products Timing Attack Vulnerability?

To mitigate the Cisco Unified Communications Products Timing Attack Vulnerability, apply the recommended updates provided by Cisco for the affected products.

First published: Wed Jul 06 2022(Updated: )

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK

Affected Software	Affected Version	How to fix
Cisco Unified CM	=14<14SU1=12.5(1)<12.5(1)SU6	14SU1 12.5(1)SU6
Cisco Unified CM SME	=14<14SU1=12.5(1)<12.5(1)SU6	14SU1 12.5(1)SU6
Cisco Unity Connection	=14<14SU1=12.5(1)<12.5(1)SU6	14SU1 12.5(1)SU6

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK (Advisory)

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2022-20752

Frequently Asked Questions

What is the Cisco Unified Communications Products Timing Attack Vulnerability?
The Cisco Unified Communications Products Timing Attack Vulnerability is a vulnerability in Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection that allows an unauthenticated, remote attacker to perform a timing attack.
How does the Cisco Unified Communications Products Timing Attack Vulnerability occur?
The Cisco Unified Communications Products Timing Attack Vulnerability occurs due to insufficient protection of sensitive information during cryptographic operations by affected Cisco products.
What is the severity of the Cisco Unified Communications Products Timing Attack Vulnerability?
The severity of the Cisco Unified Communications Products Timing Attack Vulnerability is medium, with a severity value of 5.3.
Which Cisco products are affected by the Cisco Unified Communications Products Timing Attack Vulnerability?
The Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection are affected by the Cisco Unified Communications Products Timing Attack Vulnerability.
How can I mitigate the Cisco Unified Communications Products Timing Attack Vulnerability?
To mitigate the Cisco Unified Communications Products Timing Attack Vulnerability, apply the recommended updates provided by Cisco for the affected products.

agent/type
agent/first-publish-date
agent/softwarecombine
collector/cisco-advisory
source/Cisco
agent/software-canonical-lookup
agent/references
agent/last-modified-date
agent/title
agent/severity
agent/weakness
agent/tags
agent/description
agent/event
vendor/cisco
canonical/cisco unified cm
version/cisco unified cm/14
version/cisco unified cm/12.5(1)
canonical/cisco unified cm sme
version/cisco unified cm sme/14
version/cisco unified cm sme/12.5(1)
canonical/cisco unity connection
version/cisco unity connection/14
version/cisco unity connection/12.5(1)

cisco-sa-ucm-timing-JVbHECOK: Cisco Unified Communications Products Timing Attack Vulnerability

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

Frequently Asked Questions

What is the Cisco Unified Communications Products Timing Attack Vulnerability?

How does the Cisco Unified Communications Products Timing Attack Vulnerability occur?

What is the severity of the Cisco Unified Communications Products Timing Attack Vulnerability?

Which Cisco products are affected by the Cisco Unified Communications Products Timing Attack Vulnerability?

How can I mitigate the Cisco Unified Communications Products Timing Attack Vulnerability?

Company

Resources

Contact