PT-2021-7019 · Cisco · Cisco Unified Communications Manager+1
Published: 2021-11-02 · Updated: 2022-05-03 · CVE-2022-20789
CVSS v2.0
| Base score | 8.5 (High) |
| Vector | AV:N/AC:L/Au:S/C:N/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) (affected versions not specified)
Description
A vulnerability in the software upgrade process could allow an authenticated, remote attacker to write arbitrary files on the affected system. This issue is due to improper restrictions applied to a system script. An attacker could exploit this by using crafted variables during the execution of a system upgrade, potentially allowing them to overwrite or append arbitrary data to system files using root-level privileges.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related Identifiers
Affected Products
Cisco Unified Communications Manager
Cisco Unified Communications Manager Session Management Edition