CiscoCVELIST:CVE-2023-20192CVE-2023-20192 Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
9.4 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.0%
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: “Cisco Expressway Series” refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory.
CNA Affected
[
{
"vendor": "Cisco",
"product": "Cisco TelePresence Video Communication Server (VCS) Expressway ",
"versions": [
{
"version": "n/a",
"status": "affected"
}
]
}
]Related
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
9.4 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.0%