CVE-2022-20790

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This issue exists due to improper validation of user-supplied input. An attacker could exploit this by sending a crafted HTTP request containing directory traversal character sequences to an affected system, potentially accessing sensitive files.

Recommendations For Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME), consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, consider disabling the web-based management interface to minimize the risk of exploitation. Avoid using the web-based management interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.