CVE-2023-20192

EPSS 0.21%
Veröffentlicht 28.06.2023 15:15:10
Zuletzt bearbeitet 21.11.2024 07:40:47
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Telepresence Video Communication Server SwEditionexpressway Version <= x14.0.3

Cisco ≫ Telepresence Video Communication Server Version <= x14.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.431

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
psirt@cisco.com	9.6	3.1	5.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-20192

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-20192

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-20192

EUVD