CVE-2022-20783 vulnerability in Cisco Products
Published on April 21, 2022
Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability
A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted H.323 traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to either reboot normally or reboot into maintenance mode, which could result in a DoS condition on the device.
Vulnerability Analysis
CVE-2022-20783 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Products Associated with CVE-2022-20783
stack.watch emails you whenever new vulnerabilities are published in Cisco Roomos or Cisco Telepresence Collaboration Endpoint. Just hit a watch button to start following.
Affected Versions
Cisco RoomOS Software Version n/a is affected by CVE-2022-20783Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.