CVE-2022-20931

6.5 MEDIUM

📋 TL;DR

This vulnerability allows an unauthenticated attacker on the same network to downgrade Cisco TelePresence CE Software on Cisco Touch 10 devices to an older, potentially vulnerable version. It affects Cisco Touch 10 devices running vulnerable versions of the software, enabling exploitation of known flaws in older releases.

💻 Affected Systems

Products:

• Cisco TelePresence CE Software for Cisco Touch 10 Devices

Versions: Versions prior to the fixed release; specific ranges are detailed in the Cisco advisory.

Operating Systems: Cisco TelePresence CE Software

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Cisco Touch 10 devices in default configurations; no workarounds are available.

📦 What is this software?

Telepresence Collaboration Endpoint by Cisco

View all CVEs affecting Telepresence Collaboration Endpoint →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could install an older version with critical vulnerabilities, leading to full device compromise, data theft, or disruption of telepresence services.

🟠

Likely Case

An attacker downgrades the software to exploit known vulnerabilities in older versions, potentially gaining unauthorized access or causing service interruptions.

🟢

If Mitigated

With proper network segmentation and updated software, the risk is minimal as attackers cannot access the device or exploit the downgrade.

🌐 Internet-Facing: LOW, as exploitation requires adjacent network access, not direct internet exposure.

🏢 Internal Only: MEDIUM, because internal attackers on the same network can exploit it without authentication, but impact depends on network controls.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires adjacent network access and involves installing older software versions, but no public proof-of-concept is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Cisco advisory for specific fixed versions.

Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-DAV-HSvEHHEt

Restart Required: Yes

Instructions:

1. Access the Cisco Touch 10 device management interface. 2. Download the updated software version from Cisco's support site. 3. Install the update following Cisco's documentation. 4. Restart the device to apply changes.

🧯 If You Can't Patch

• Segment the network to restrict access to Cisco Touch 10 devices, allowing only trusted devices and users.
• Monitor network traffic for unauthorized software installation attempts and review device logs regularly.

🔍 How to Verify

Check if Vulnerable:

Copy

Check the software version on the Cisco Touch 10 device via its management interface and compare with the fixed versions in the Cisco advisory.

Check Version:

Copy

Use the device's web interface or CLI (if available) to run 'show version' or check system information.

Verify Fix Applied:

Copy

Confirm the software version matches or exceeds the fixed version listed in the Cisco advisory after patching.

📡 Detection & Monitoring

Log Indicators:

• Log entries indicating software downgrade or installation of older versions.
• Unauthorized access attempts to the device management interface.

Network Indicators:

• Unusual network traffic patterns to/from Cisco Touch 10 devices, such as unexpected software update requests.

SIEM Query:

Copy

Example: 'source="Cisco_Touch10" AND (event="software_install" OR event="version_change")'

📊 Metadata

CVE ID: CVE-2022-20931

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE: CWE-527

Published: November 15, 2024

Last Updated: July 31, 2025

🔗 References

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-DAV-HSvEHHEt Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON