PT-2023-3112 · Cisco · Cisco Expressway Series+1
Published
2023-06-07
·
Updated
2023-07-06
·
CVE-2023-20192
CVSS v3.1
9.6
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Expressway Series versions (affected versions not specified)
Cisco TelePresence Video Communication Server (VCS) versions (affected versions not specified)
Description
The issue is related to insufficient role-based access control in the CLI interface of the Cisco Expressway and Cisco TelePresence Video Communication Server (VCS) software. This could allow an attacker to elevate their privileges. An authenticated attacker with Administrator-level read-only credentials may be able to gain Administrator with read-write credentials on an affected system.
Recommendations
For Cisco Expressway Series, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Cisco TelePresence Video Communication Server (VCS), at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Expressway Series
Cisco Telepresence Video Communication Server