NVD:CVE-2023-20116
Jun 28, 2023 - 3:15 p.m.

CVE-2023-20116

2023-06-28 15:15:09
CWE-835
web.nvd.nist.gov
cisco, unified communications manager, api, dos

CVSS3: 5.7

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 29.2%

A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Affected configurations

Nvd
Node
cisco unified_communications_manager Match 11.5\(1.10000.6\)
OR
cisco unified_communications_manager Match 11.5\(1.10000.6\) session_management
OR
cisco unified_communications_manager Match 12.0\(1.10000.10\)
OR
cisco unified_communications_manager Match 12.0\(1.10000.10\) session_management
OR
cisco unified_communications_manager Match 12.5\(1.10000.22\)
OR
cisco unified_communications_manager Match 12.5\(1.10000.22\) session_management
OR
cisco unified_communications_manager Match 14.0\(1.10000.20\)
OR
cisco unified_communications_manager Match 14.0\(1.10000.20\) session_management

Vendor  Product  Version  CPE
cisco  unified_communications_manager  11.5(1.10000.6)  cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:*:*:*:*
cisco  unified_communications_manager  11.5(1.10000.6)  cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:session_management:*:*:*
cisco  unified_communications_manager  12.0(1.10000.10)  cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):*:*:*:*:*:*:*
cisco  unified_communications_manager  12.0(1.10000.10)  cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):*:*:*:session_management:*:*:*
cisco  unified_communications_manager  12.5(1.10000.22)  cpe:2.3:a:cisco:unified_communications_manager:12.5\(1.10000.22\):*:*:*:*:*:*:*
cisco  unified_communications_manager  12.5(1.10000.22)  cpe:2.3:a:cisco:unified_communications_manager:12.5\(1.10000.22\):*:*:*:session_management:*:*:*
cisco  unified_communications_manager  14.0(1.10000.20)  cpe:2.3:a:cisco:unified_communications_manager:14.0\(1.10000.20\):*:*:*:*:*:*:*
cisco  unified_communications_manager  14.0(1.10000.20)  cpe:2.3:a:cisco:unified_communications_manager:14.0\(1.10000.20\):*:*:*:session_management:*:*:*
