CVE-2022-20816

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager (Unified CM) versions (affected versions not specified) Cisco Unified Communications Manager Session Management Edition (Unified CM SME) versions (affected versions not specified)

Description A vulnerability in the web-based management interface of the affected software could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This issue exists because the software does not properly validate HTTP requests, such as those sent to /api endpoints, allowing an attacker to exploit the vulnerability by sending a crafted HTTP request. A successful exploit could allow the attacker to delete arbitrary files from the affected system.

Recommendations For Cisco Unified Communications Manager (Unified CM), at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco Unified Communications Manager Session Management Edition (Unified CM SME), at the moment, there is no information about a newer version that contains a fix for this vulnerability.