What is CVE-2022-20953?

CVE-2022-20953 is a medium-severity vulnerability in Cisco Roomos Software, classified under Information Disclosure. CVSS score: 5.5/10. Published 2022-10-26.

How severe is CVE-2022-20953?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Is CVE-2022-20953 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Cisco Roomos Software

CVE-2022-20953

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. F…

Vulnerability class: Information Disclosure

EPSS: 0.002 (44.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N.

Affected products

Cisco Roomos Software — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

karimhabush/cyberowl

References

20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities (vendor-advisory)

Frequently asked questions

What is CVE-2022-20953?: CVE-2022-20953 is a medium-severity vulnerability in Cisco Roomos Software, classified under Information Disclosure. CVSS score: 5.5/10. Published 2022-10-26.
How severe is CVE-2022-20953?: Medium severity. CVSS v3 base score is 5.5 out of 10.
Is CVE-2022-20953 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.