Unrated severityNVD Advisory· Published Apr 21, 2022· Updated Nov 6, 2024
Cisco Unified Communications Products Arbitrary File Write Vulnerability
CVE-2022-20789
Description
A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: n/a
Patches
Vulnerability mechanics
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUUmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.