CVE-2023-20259

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
7.5HIGH
EPSS
0.1%
top 65.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Cisco Cisco Emergency ResponderCisco Cisco Prime Collaboration DeploymentCisco Cisco Unified Communications Manager+7 more
Timeline
PublishedOct 4

Description

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages10 packages

NVDcisco/unified_communications_manager12.5\(1\)su7, 14su3+1
CVEListV5cisco/cisco_unified_communications_manager12.5(1)SU7, 12.5(1)SU7a, 14SU3+2

🔴Vulnerability Details

2
GHSA
GHSA-x67r-8jfc-3r5m: A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU2023-10-04
CVEList
CVE-2023-20259: A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU2023-10-04

📋Vendor Advisories

1
Cisco
Multiple Cisco Unified Communications Products Unauthenticated API High CPU Utilization Denial of Service Vulnerability2023-10-04
CVE-2023-20259 (HIGH CVSS 7.5) | A vulnerability in an API endpoint | cvebase.io