VDB
CVE-2023-20108
CVE-2023-20108
PUBLISHED
CVSS 7.5 HIGH
De multiples vulnérabilités ont été découvertes dans <span class="textit">les produits Cisco</span>. Elles permettent à un attaquant de provoquer une élévation de privilèges et un déni de service à distance.
EPSS 0.36% · 58.3th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.36%
58.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Unified Communications Manager IM and Presence Service | *, 10.0(1)SU1, 10.0(1)SU2 |
| Cisco | N/A | |
| Cisco | Adaptive Security Appliance | |
| Cisco | Unified Communications Manager | |
| cisco | unified_communications_manager_im_and_presence_service | 12.5\(1\), 14su |
| Cisco | Firepower Threat Defense |
Exploit Intelligence
- cisco-sa-cucm-imp-dos-49GL7rzT (circl)
- Cisco_CVE_2023_20178_PoC_Exploit.yara (github-yara)
- Cisco_CVE_2023_20178_PoC_Exploit.yara (github-yara)
- Cisco_CVE_2023_20178_PoC_Exploit.yara (github-yara)
- Cisco_CVE_2023_20178_PoC_Exploit.yara (github-yara)
Timeline
- Jun 8, 2023 CVE Published
- Jun 22, 2023 PoC Published
- Jun 29, 2023 EPSS Score
- Aug 3, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 12, 2023 EPSS Score
- Nov 16, 2023 EPSS Score
- Dec 21, 2023 EPSS Score
- Jan 25, 2024 EPSS Score
- Feb 29, 2024 EPSS Score
- Apr 4, 2024 EPSS Score
- May 9, 2024 EPSS Score
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-uu7mV5p6 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-20108 advisory