CVE-2023-20116 — Vulnetix

CVE-2023-20116 PUBLISHED CVSS 6.800000190734863 MEDIUM

A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

EPSS 0.50% · 66.5th percentile

Risk Scores

CVSS 3.1

6.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

EPSS Score

0.50%

66.5th percentile

Affected Products

Vendor	Product	Versions
cisco	unified_communications_manager	14.0\(1.10000.20\), *, 14.0\(1.10000.20\)
Cisco	Cisco Unified Communications Manager	12.5(1)SU6, ,
Cisco	Cisco Unified Communications Manager / Cisco Unity Connection	11.5(1)SU3, 11.5(1)SU3a, 11.5(1)SU3b

Exploit Intelligence

cisco-sa-cucm-dos-4Ag3yWbD (circl)

Timeline

Jun 28, 2023 CVE Published
Jun 29, 2023 EPSS Score
Aug 3, 2023 EPSS Score
Sep 7, 2023 EPSS Score
Oct 12, 2023 EPSS Score
Nov 16, 2023 EPSS Score
Dec 21, 2023 EPSS Score
Jan 25, 2024 EPSS Score
Feb 29, 2024 EPSS Score
Apr 4, 2024 EPSS Score
May 9, 2024 EPSS Score
Jun 13, 2024 EPSS Score

References

cisco-sa-cucm-dos-4Ag3yWbD url
https://nvd.nist.gov/vuln/detail/CVE-2023-20116 advisory

Open in Interactive Console →