What is CVE-2022-20817?

CVE-2022-20817 is a high-severity vulnerability in Cisco Ip Phones With Multiplatform Firmware, classified under Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). CVSS score: 7.4/10. Published 2022-06-15.

How severe is CVE-2022-20817?

High severity. CVSS v3 base score is 7.4 out of 10.

Vulnerability in Cisco Ip Phones With Multiplatform Firmware

CVE-2022-20817

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key…

EPSS: 0.009 (76.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Cisco Ip Phones With Multiplatform Firmware — versions n/a

Weakness classification (CWE)

CWE-338 — Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

References

20220615 Cisco IP Phone Duplicate Key Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2022-20817?: CVE-2022-20817 is a high-severity vulnerability in Cisco Ip Phones With Multiplatform Firmware, classified under Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). CVSS score: 7.4/10. Published 2022-06-15.
How severe is CVE-2022-20817?: High severity. CVSS v3 base score is 7.4 out of 10.