History: Jun 28, 2023 - 3:15 p.m.

CVE-2023-20116

2023-06-28 15:15:09
CWE-835
web.nvd.nist.gov
Tags: cve-2023-20116, cisco, unified communications manager, axl api, dos, vulnerability

CVSS3: 6.8 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

AI Score: 5.6 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 18.0%)

A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Affected configurations

NVD

Node (entries joined by OR; vendor, product, matched version, target software where given):

- cisco unified_communications_manager 11.5(1.10000.6)
- cisco unified_communications_manager 11.5(1.10000.6) session_management
- cisco unified_communications_manager 12.0(1.10000.10)
- cisco unified_communications_manager 12.0(1.10000.10) session_management
- cisco unified_communications_manager 12.5(1.10000.22)
- cisco unified_communications_manager 12.5(1.10000.22) session_management
- cisco unified_communications_manager 14.0(1.10000.20)
- cisco unified_communications_manager 14.0(1.10000.20) session_management

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Unified Communications Manager",
    "versions": [
      {
        "version": "12.0(1)SU1",
        "status": "affected"
      },
      {
        "version": "12.0(1)SU2",
        "status": "affected"
      },
      {
        "version": "12.0(1)SU3",
        "status": "affected"
      },
      {
        "version": "12.0(1)SU4",
        "status": "affected"
      },
      {
        "version": "12.0(1)SU5",
        "status": "affected"
      },
      {
        "version": "12.5(1)",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU1",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU2",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU3",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU4",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU5",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU6",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU7",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU7a",
        "status": "affected"
      },
      {
        "version": "14",
        "status": "affected"
      },
      {
        "version": "14SU1",
        "status": "affected"
      },
      {
        "version": "14SU2",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Cisco",
    "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
    "versions": [
      {
        "version": "10.5(2)SU10",
        "status": "affected"
      },
      {
        "version": "10.5(1)",
        "status": "affected"
      },
      {
        "version": "10.5(1)SU1",
        "status": "affected"
      },
      {
        "version": "10.5(1)SU1a",
        "status": "affected"
      },
      {
        "version": "10.5(2)",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU1",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU2",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU3",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU4",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU5",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU6",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU7",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU8",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU9",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU2a",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU3a",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU4a",
        "status": "affected"
      },
      {
        "version": "10.5(2)SU6a",
        "status": "affected"
      },
      {
        "version": "11.0(1)",
        "status": "affected"
      },
      {
        "version": "11.0(1a)",
        "status": "affected"
      },
      {
        "version": "11.0(1a)SU1",
        "status": "affected"
      },
      {
        "version": "11.0(1a)SU2",
        "status": "affected"
      },
      {
        "version": "11.0(1a)SU3",
        "status": "affected"
      },
      {
        "version": "11.0(1a)SU3a",
        "status": "affected"
      },
      {
        "version": "11.0(1a)SU4",
        "status": "affected"
      },
      {
        "version": "11.0.1",
        "status": "affected"
      },
      {
        "version": "11.0.2",
        "status": "affected"
      },
      {
        "version": "11.0.5",
        "status": "affected"
      },
      {
        "version": "11.5(1)",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU1",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU2",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU3",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU3a",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU3b",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU4",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU5",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU6",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU7",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU8",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU9",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU10",
        "status": "affected"
      },
      {
        "version": "11.5(1)SU11",
        "status": "affected"
      },
      {
        "version": "10.0(1)SU2",
        "status": "affected"
      },
      {
        "version": "10.0(1)",
        "status": "affected"
      },
      {
        "version": "10.0(1)SU1",
        "status": "affected"
      }
    ]
  }
]
