Privilege Escalation Vulnerability in Cisco Unified Communications Products
CVE-2023-20266

6.5MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Emergency Responder
Cisco Unity Connection
Cisco Unified Communications Manager
Vendor
CVE Published:
30 August 2023

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2023-20266?

A security flaw exists in Cisco Emergency Responder and related Unified Communications products, allowing an authenticated remote attacker to gain root privileges. This vulnerability arises due to inadequate restrictions on the upgrade files utilized by the application. An attacker with valid platform administrator credentials could exploit this weakness by deploying a specially crafted upgrade file, thereby elevating their access rights and compromising the affected device's integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Emergency Responder 12.5(1)SU4

Cisco Emergency Responder 12.5(1)SU8a

Cisco Emergency Responder 14SU3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.