Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities
CVE-2023-20192

7.7HIGH

Key Information:

Vendor: Cisco
Status: Cisco TelePresence Video Communication Server (VCS) Expressway
Vendor: CVE Published:; 28 June 2023

What is CVE-2023-20192?

Multiple vulnerabilities exist in Cisco Expressway Series and TelePresence Video Communication Server that could allow an authenticated attacker with Administrator-level read-only credentials to upgrade their access to Administrator with read-write permissions. Such escalations can pose significant risks to the integrity and security of the affected systems, underscoring the importance of timely patching and user credential management.

Affected Version(s)

Cisco TelePresence Video Communication Server (VCS) Expressway

References

https://sec.cloudapps.cisco.com/security/center/content/C...

vendor-advisory

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2023
Vulnerability Reserved
Oct 27, 2022