CVE-2022-20789 - Vulnerability Details - OpenCVE

A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Unified Communications Manager

Configuration 1 [-]

OR	cpe:2.3:a:cisco:unified_communications_manager:12.5\(1\)::::-:::
	cpe:2.3:a:cisco:unified_communications_manager:12.5\(1\)::::session_management:::
	cpe:2.3:a:cisco:unified_communications_manager:14.0::::-:::
	cpe:2.3:a:cisco:unified_communications_manager:14.0::::session_management:::

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU

History

Wed, 06 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2022-04-21T18:50:40.011021Z

Updated: 2024-11-06T16:22:29.618Z

Reserved: 2021-11-02T00:00:00

Link: CVE-2022-20789

Vulnrichment

Updated: 2024-08-03T02:24:49.661Z

NVD

Status : Modified

Published: 2022-04-21T19:15:08.630

Modified: 2024-11-21T06:43:33.593

Link: CVE-2022-20789

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Unified Communications Manager", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2022-04-20T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-73", "description": "CWE-73", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-21T18:50:39", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20220420 Cisco Unified Communications Products Arbitrary File Write Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU"}], "source": {"advisory": "cisco-sa-cucm-arb-write-74QzruUU", "defect": [["CSCvy52032"]], "discovery": "INTERNAL"}, "title": "Cisco Unified Communications Products Arbitrary File Write Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-04-20T23:00:00", "ID": "CVE-2022-20789", "STATE": "PUBLIC", "TITLE": "Cisco Unified Communications Products Arbitrary File Write Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Unified Communications Manager", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "4.9", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-73"}]}]}, "references": {"reference_data": [{"name": "20220420 Cisco Unified Communications Products Arbitrary File Write Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU"}]}, "source": {"advisory": "cisco-sa-cucm-arb-write-74QzruUU", "defect": [["CSCvy52032"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:24:49.661Z"}, "title": "CVE Program Container", "references": [{"name": "20220420 Cisco Unified Communications Products Arbitrary File Write Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-06T15:58:46.051269Z", "id": "CVE-2022-20789", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T16:22:29.618Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20789", "datePublished": "2022-04-21T18:50:40.011021Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-11-06T16:22:29.618Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU", "name": "20220420 Cisco Unified Communications Products Arbitrary File Write Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:24:49.661Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-20789", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-06T15:58:46.051269Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T15:59:09.440Z"}}], "cna": {"title": "Cisco Unified Communications Products Arbitrary File Write Vulnerability", "source": {"defect": [["CSCvy52032"]], "advisory": "cisco-sa-cucm-arb-write-74QzruUU", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Unified Communications Manager", "versions": [{"status": "affected", "version": "n/a"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2022-04-20T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU", "name": "20220420 Cisco Unified Communications Products Arbitrary File Write Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2022-04-21T18:50:39"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "4.9", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"}}, "source": {"defect": [["CSCvy52032"]], "advisory": "cisco-sa-cucm-arb-write-74QzruUU", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Cisco Unified Communications Manager"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU", "name": "20220420 Cisco Unified Communications Products Arbitrary File Write Vulnerability", "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-73"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-20789", "STATE": "PUBLIC", "TITLE": "Cisco Unified Communications Products Arbitrary File Write Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-04-20T23:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2022-20789", "state": "PUBLISHED", "dateUpdated": "2024-11-06T16:22:29.618Z", "dateReserved": "2021-11-02T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2022-04-21T18:50:40.011021Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:-:*:*:*", "matchCriteriaId": "0F4F8482-029A-4A84-97F1-9EDEDCE42C6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:session_management:*:*:*", "matchCriteriaId": "EB810DDE-18A0-4168-8EC1-726DA62453E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:14.0:*:*:*:-:*:*:*", "matchCriteriaId": "CD0AB4E6-61AF-4FB9-8292-75FC56EE61EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:14.0:*:*:*:session_management:*:*:*", "matchCriteriaId": "5B613D5E-BF3D-426B-9A5B-0322D48EE693", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges."}, {"lang": "es", "value": "Una vulnerabilidad en el proceso de actualizaci\u00f3n de software de Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) podr\u00eda permitir a un atacante remoto autenticado escribir archivos arbitrarios en el sistema afectado. Esta vulnerabilidad es debido a restricciones inapropiadas aplicadas a un script del sistema. Un atacante podr\u00eda explotar esta vulnerabilidad al usar variables dise\u00f1adas durante la ejecuci\u00f3n de una actualizaci\u00f3n del sistema. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante sobrescribir o a\u00f1adir datos arbitrarios a los archivos del sistema usando privilegios de nivel root"}], "id": "CVE-2022-20789", "lastModified": "2024-11-21T06:43:33.593", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-21T19:15:08.630", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-610"}], "source": "nvd@nist.gov", "type": "Primary"}]}