Denial of Service Vulnerability in Cisco Unified Communications Manager
CVE-2023-20116

5.7MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Unified Communications Manager
Cisco Unified Communications Manager / Cisco Unity Connection
Vendor
CVE Published:
28 June 2023

What is CVE-2023-20116?

A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition can be exploited by authenticated, remote attackers. Due to inadequate validation of user-supplied input in the Self Care Portal's web UI, attackers could send specially crafted HTTP requests to the affected devices. If successfully exploited, this could lead to a denial of service condition, disrupting the functionality of the affected communication systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Unified Communications Manager 12.0(1)SU1

Cisco Unified Communications Manager 12.0(1)SU2

Cisco Unified Communications Manager 12.0(1)SU3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.