Auth Remote Priv Escalation via Crafted Upgrade File in Cisco Unified CM
CVE-2023-20266 Published on August 30, 2023
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device.
Vulnerability Analysis
CVE-2023-20266 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Improper Verification of Cryptographic Signature
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Products Associated with CVE-2023-20266
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-20266 are published in these products:
Affected Versions
Cisco Emergency Responder:- Version 12.5(1)SU4 is affected.
- Version 12.5(1)SU8a is affected.
- Version 14SU3 is affected.
- Version 12.5(1)SU6 is affected.
- Version 12.5(1)SU7 is affected.
- Version 12.5(1)SU8 is affected.
- Version 14SU2 is affected.
- Version 14SU3 is affected.
- Version 12.5(1)SU8 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.