Privilege Escalation in Cisco Expressway Series & VCS via Admin-Only
CVE-2023-20192 Published on June 28, 2023
Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory.
Vulnerability Analysis
CVE-2023-20192 is exploitable with network access and requires a small amount of user privileges. The vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality and a high impact on integrity and availability.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2023-20192
Affected Versions
Cisco TelePresence Video Communication Server (VCS) Expressway Version n/a is affected by CVE-2023-20192
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.