CVE-2022-20804 An attack on the Cisco Discovery Protocol could allow an unauthenticated, adjacent attacker to cause a kernel panic.

Cisco has assigned the identifier CVE-2019-1121 to this vulnerability. There are workarounds that could be implemented to prevent the unauthenticated, adjacent attacker from causing a kernel panic on an affected system. Cisco has released software updates. A complete advisory with details about this vulnerability is available here: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191. Unauthenticated, adjacent attacker exploit CVE-2019-1121 This vulnerability has been assigned Common Vulnerability Scoring System (CVSS) base score: 7.8. CVSS is a protocol for measuring the severity of security vulnerabilities. There are two types of scores: base score and impact. For more information, see: https://www.cvedetails.com/ score. CVSS is a protocol for measuring the severity of security vulnerabilities. There are two types of scores: base score and impact. For more information, see: https://www.cvedetails.com/ There are no workarounds that address this vulnerability. There are no known exploits. End users with Cisco products should be advised to keep software up to date, assume all Cisco devices can be affected, and be cautious when working with untrusted networks. Cisco Unified Contact Center Enterprise (UCCE), Cisco Unified AI Network (UANI), Cisco Digital Network Architecture (DNA), Cisco Fabric Manegement System (FMS), Cisco WebEx Meet

Vulnerable Products##

Cisco has released software updates. A complete advisory with details about this vulnerability is available here: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191.

Cisco Unified Contact Center Enterprise (UCCE)

Cisco Unified Contact Center Enterprise (UCCE) is a platform from Cisco released in March of 2019. It has an interface that is similar to other contact center software such as Microsoft Dynamics 365, Oracle Primavera, and Salesforce.
The following descriptions are features of UCCE.

UCCE Software Updates

The Cisco Unified Contact Center Enterprise (UCCE) software update includes a fix for the vulnerability that is described in CVE-2019-1121. Customers with UCCE software installed should install this software update as soon as possible.

Timeline

Published on: 04/21/2022 19:15:00 UTC
Last modified on: 05/03/2022 15:31:00 UTC

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20804