Timing Attack Vulnerability in Cisco Unified Communications Manager, Unified CM SME, and Cisco Unity Connection

Timing Attack Vulnerability in Cisco Unified Communications Manager, Unified CM SME, and Cisco Unity Connection

CVE-2022-20752 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.

Learn more about our Cis Benchmark Audit For Cisco.