CVE-2023-20209

Name of the Vulnerable Software and Affected Versions Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) version 14.0

Description A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) exists due to insufficient validation of user-supplied input. This could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack, resulting in remote code execution on an affected device. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges.

Recommendations For Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) version 14.0, consider disabling the web-based management interface until a patch is available. Restrict access to the management interface to minimize the risk of exploitation. Avoid using the interface for any critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.