Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-20192

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory.

Published

2023-06-28T15:15:10.007

Last Modified

2024-11-21T07:40:47.917

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.6 (CRITICAL)

Weaknesses

Type: Secondary
CWE-20
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	telepresence_video_communication_server	≤ x14.0.3	Yes
Application	cisco	telepresence_video_communication_server	≤ x14.0.3	Yes

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b Vendor Advisory ([email protected])
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)