CVE-2022-20752 Information

Description

A vulnerability in Cisco Unified Communications Manager (Unified CM) Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and Cisco Unity Connection could allow an unauthenticated remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK