Denial of Service Vulnerability in Cisco Unified Communications Manager
CVE-2023-20116
5.7 MEDIUM
Key Information:
- Vendor: Cisco
- Status: Vendor
- CVE Published: 28 June 2023
Summary
A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition can be exploited by authenticated, remote attackers. Due to inadequate validation of user-supplied input in the Self Care Portal's web UI, attackers could send specially crafted HTTP requests to the affected devices. If successfully exploited, this could lead to a denial of service condition, disrupting the functionality of the affected communication systems.
Affected Version(s)
Cisco Unified Communications Manager 12.0(1)SU1
Cisco Unified Communications Manager 12.0(1)SU2
Cisco Unified Communications Manager 12.0(1)SU3
References
CVSS V3.1
Score: 5.7
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved