How severe is CVE-2022-20817?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2022-20817?

This is classified as CWE-338, which is a common weakness in software security.

CVE-2022-20817

HIGH Year: 2022

CVSS v3 Score

7.4

High

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-338

View all →

Vulnerability Description

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.

CVE-2008-0166

HIGH

CVSS:7.5(High)

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to condu...

CWE-3382008

CVE-2017-5493

HIGH

CVSS:7.5(High)

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended ac...

CWE-3382017

CVE-2017-9230

HIGH

CVSS:7.5(High)

The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multipl...

CWE-3382017

CVE-2018-11290

HIGH

CVSS:7.5(High)

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, ...

CWE-3382018

CVE-2018-11291

HIGH

CVSS:7.5(High)

In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA937...

CWE-3382018

CVE-2018-12056

HIGH

CVSS:7.5(High)

The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved...

CWE-3382018

CVE-2022-20817

Vulnerability Description

Related Vulnerabilities

CVE-2008-0166

CVE-2017-5493

CVE-2017-9230

CVE-2018-11290

CVE-2018-11291

CVE-2018-12056