Vulnerability Details: CVE-2023-20116
A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. Both published CVSS vectors (below) agree that the attacker needs valid low-privilege credentials (PR:L) and that user interaction is required (UI:R), and that the impact is limited to availability (C:N/I:N/A:H); the two scores differ only in whether the scope is considered changed.
Vulnerability category: Denial of service
Products affected by CVE-2023-20116
- cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:12.5\(1.10000.22\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:session_management:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):*:*:*:session_management:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:12.5\(1.10000.22\):*:*:*:session_management:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:14.0\(1.10000.20\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:14.0\(1.10000.20\):*:*:*:session_management:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-20116
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~29% (the proportion of all scored vulnerabilities with an EPSS score at or below this one)
CVSS scores for CVE-2023-20116
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H | 2.1 | 3.6 | NIST |
6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H | 2.3 | 4.0 | Cisco Systems, Inc. |
CWE ids for CVE-2023-20116
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop'). The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
  Assigned by:
  - nvd@nist.gov (Primary)
  - ykramarz@cisco.com (Secondary)
References for CVE-2023-20116
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD
  Cisco Unified Communications Manager Denial of Service Vulnerability (Vendor Advisory)