CVE-2023-20192

CWE-20Improper Input ValidationCWE-269Improper Privilege Management4 documents4 sources
Severity
7.7HIGH
EPSS
0.3%
top 50.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Telepresence Video Communication ServerCisco Cisco Telepresence Video Communication Server (vcs) Expressway
Timeline
PublishedJun 28

Description

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details secti

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:HExploitability: 3.1 | Impact: 5.8

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-hqc2-r8jq-7rg7: Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with2023-06-28
CVEList
Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities2023-06-28

📋Vendor Advisories

1
Cisco
Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities2023-06-07
CVE-2023-20192 (HIGH CVSS 7.7) | Multiple vulnerabilities in Cisco E | cvebase.io