CVE-2022-20752

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions (affected versions not specified) Cisco Unified Communications Manager Session Management Edition versions (affected versions not specified) Cisco Unity Connection versions (affected versions not specified)

Description A vulnerability in the system could allow an unauthenticated, remote attacker to perform a timing attack due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries, potentially determining a sensitive system password.

Recommendations For Cisco Unified Communications Manager, consider temporarily restricting access to sensitive system passwords until a patch is available. For Cisco Unified Communications Manager Session Management Edition, restrict access to system queries to minimize the risk of exploitation. For Cisco Unity Connection, avoid using sensitive system passwords in queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.