Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities
CVE-2023-20192

9.6CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Telepresence Video Communication Server (vcs) Expressway
Vendor: CVE Published:; 28 June 2023

Badges

👾 Exploit Exists

What is CVE-2023-20192?

Multiple vulnerabilities exist in Cisco Expressway Series and TelePresence Video Communication Server that could allow an authenticated attacker with Administrator-level read-only credentials to upgrade their access to Administrator with read-write permissions. Such escalations can pose significant risks to the integrity and security of the affected systems, underscoring the importance of timely patching and user credential management.

Affected Version(s)

Cisco TelePresence Video Communication Server (VCS) Expressway

References

https://sec.cloudapps.cisco.com/security/center/content/C...

vendor-advisory

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Feb 25, 2026
Vulnerability published
Jun 28, 2023
Vulnerability Reserved
Oct 27, 2022

CVE-2023-20192 Data

JSON