PT-2022-6639 · Cisco · Cisco Telepresence Collaboration Endpoint
Published
2022-10-05
·
Updated
2025-07-31
·
CVE-2022-20931
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco TelePresence Collaboration Endpoint (CE) versions (affected versions not specified)
Description
The issue is related to insufficient access control to the version control repository of the Cisco TelePresence Collaboration Endpoint (CE) software. This could allow a remote attacker to read, modify, or delete data. An unauthenticated, adjacent attacker could exploit this by installing an older version of the software on an affected device, potentially taking advantage of vulnerabilities in those older versions.
Recommendations
For all affected versions, update to the latest software version released by Cisco that addresses this issue.
As a temporary workaround, consider restricting access to the version control repository to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Telepresence Collaboration Endpoint