๐Ÿ” CVE Alert

CVE-2023-20116

CVSS Score: 6.8 (MEDIUM)
EPSS Score: 0.0%
EPSS Percentile: 0th

A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

CWE: CWE-835
Vendor: cisco
Product: cisco unified communications manager
Ecosystems
Industries: Networking, Telecommunications
Published: Jun 28, 2023
Last Updated: Aug 2, 2024

CVSS v3 Breakdown

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: None
Integrity: None
Availability: High

Affected Versions

Cisco / Cisco Unified Communications Manager
12.0(1)SU1 12.0(1)SU2 12.0(1)SU3 12.0(1)SU4 12.0(1)SU5 12.5(1) 12.5(1)SU1 12.5(1)SU2 12.5(1)SU3 12.5(1)SU4 12.5(1)SU5 12.5(1)SU6 12.5(1)SU7 12.5(1)SU7a 14 14SU1 14SU2
Cisco / Cisco Unified Communications Manager / Cisco Unity Connection
10.5(2)SU10 10.5(1) 10.5(1)SU1 10.5(1)SU1a 10.5(2) 10.5(2)SU1 10.5(2)SU2 10.5(2)SU3 10.5(2)SU4 10.5(2)SU5 10.5(2)SU6 10.5(2)SU7 10.5(2)SU8 10.5(2)SU9 10.5(2)SU2a 10.5(2)SU3a 10.5(2)SU4a 10.5(2)SU6a 11.0(1) 11.0(1a) 11.0(1a)SU1 11.0(1a)SU2 11.0(1a)SU3 11.0(1a)SU3a 11.0(1a)SU4 11.0.1 11.0.2 11.0.5 11.5(1) 11.5(1)SU1 11.5(1)SU2 11.5(1)SU3 11.5(1)SU3a 11.5(1)SU3b 11.5(1)SU4 11.5(1)SU5 11.5(1)SU6 11.5(1)SU7 11.5(1)SU8 11.5(1)SU9 11.5(1)SU10 11.5(1)SU11 10.0(1)SU2 10.0(1) 10.0(1)SU1

References

NVD, CVE.org, EPSS Data
sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD