CVE-2023-20108 — Memory Allocation with Excessive Size Value in Cisco Unified Communications Manager IM AND Presence Service

CWE-789 — Memory Allocation with Excessive Size Value CWE-770 — Allocation of Resources Without Limits or Throttling4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 46.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager IM AND Presence Service Cisco Unified Communications Manager IM AND Presence Service

Timeline

PublishedJun 28

Description

A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/unified_communications_manager_im_and_presence_service12.5\(1\), 14su+1

▶CVEListV5cisco/cisco_unified_communications_manager_im_and_presence_service43 versions+42

🔴Vulnerability Details

CVEList

CVE-2023-20108: A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an u↗2023-06-28

▶

GHSA

GHSA-8937-gcf5-34xq: A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an u↗2023-06-28

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability↗2023-06-07

▶