Lucene search

CiscoCVE-2023-20108

HistoryJun 28, 2023 - 3:15 p.m.

CVE-2023-20108

2023-06-2815:15:09

CWE-770

CWE-789

cisco

web.nvd.nist.gov

828

vulnerability

xcp authentication service

cisco unified communications manager

unified cm im&p

denial of service

dos

cve-2023-20108

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

46.4%

JSON

A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.

This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack.

Affected configurations

Nvd

Node

ciscounified_communications_manager_im_and_presence_serviceMatch12.5\(1\)

ciscounified_communications_manager_im_and_presence_serviceMatch14su

VendorProductVersionCPE
ciscounified_communications_manager_im_and_presence_service12.5(1)cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\):*:*:*:*:*:*:*
ciscounified_communications_manager_im_and_presence_service14sucpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14su:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager_im_and_presence_service	12.5(1)	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\):::::::*
cisco	unified_communications_manager_im_and_presence_service	14su	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14su:::::::*

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Unified Communications Manager IM and Presence Service",
    "versions": [
      {
        "version": "10.5(1)",
        "status": "affected"
      },
      {
        "version": "10.5(2)",
        "status": "affected"
      },
      {
        "version": "10.5(2a)",
        "status": "affected"
      },
      {
        "version": "10.5(2b)",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU3",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU2a",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU4a",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU4",
        "status": "affected"
      },
      {
        "version": "10.5(1)SU3",
        "status": "affected"
      },
      {
        "version": "10.5(1)SU1",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU1",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU2",
        "status": "affected"
      },
      {
        "version": "10.5(1)SU2",
        "status": "affected"
      },
      {
        "version": "11.5(1)",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU1",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU2",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU3",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU3a",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU4",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU5",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU5a",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU6",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU7",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU8",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU9",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU10",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU11",
        "status": "affected"
      },
      {
        "version": "11.0(1)",
        "status": "affected"
      },
      {
        "version": "11.0(1)SU1",
        "status": "affected"
      },
      {
        "version": "12.5(1)",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU1",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU2",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU3",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU4",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU5",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU6",
        "status": "affected"
      },
      {
        "version": "14",
        "status": "affected"
      },
      {
        "version": "14SU1",
        "status": "affected"
      },
      {
        "version": "14SU2",
        "status": "affected"
      },
      {
        "version": "14SU2a",
        "status": "affected"
      },
      {
        "version": "10.0(1)",
        "status": "affected"
      },
      {
        "version": "10.0(1)SU1",
        "status": "affected"
      },
      {
        "version": "10.0(1)SU2",
        "status": "affected"
      }
    ]
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

46.4%

JSON

Related for CVE-2023-20108