PT-2022-6669 · Cisco · Cisco Unified Communications Manager+1

Alexander Henneberger +1 · Published 2022-10-27 · Updated 2024-01-25 · CVE-2023-20116

CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Unified Communications Manager versions (affected versions not specified)
Cisco Unified Communications Manager Session Management Edition versions (affected versions not specified)

Description

A vulnerability in the Administrative XML Web Service (AXL) API could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This issue is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this by sending crafted HTTP input to an affected device, potentially causing a DoS condition.

Recommendations

For Cisco Unified Communications Manager, update to a version that addresses the insufficient validation of user-supplied input. For Cisco Unified Communications Manager Session Management Edition, update to a version that addresses the insufficient validation of user-supplied input. As a temporary workaround, consider restricting access to the Administrative XML Web Service (AXL) API to minimize the risk of exploitation.

Fix

Infinite Loop

Improper Resource Release

Weakness Enumeration

Related Identifiers

BDU:2023-03219
CVE-2023-20116

Affected Products

Cisco Unified Communications Manager
Cisco Unified Communications Manager Session Management Edition