CVE-2022-20862

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This issue is due to improper validation of user-supplied input. An attacker could exploit this by sending a crafted HTTP request containing directory traversal character sequences to an affected system, potentially allowing access to sensitive files on the operating system.

Recommendations For Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME), consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, consider disabling the functionality that allows directory traversal to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.