Vulnerability Details : CVE-2023-20192
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory.
Vulnerability category: Input validation
Products affected by CVE-2023-20192
- Cisco » Telepresence Video Communication Server » Expressway Edition
  Versions up to, including, (<=) x14.0.3
  cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:expressway:*:*:*
- cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-20192
0.05%: Probability of exploitation activity in the next 30 days
~ 18 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-20192
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.6 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H | 3.1 | 5.8 | Cisco Systems, Inc. | |
7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N | 3.1 | 4.0 | NIST | |
CWE ids for CVE-2023-20192
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2023-20192
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b
  Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities (Vendor Advisory)