QID 38897

Date Published: 2023-06-08

QID 38897: Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities (cisco-sa-expressway-priv-esc-Ls2B9t7b) (CVE-2023-20105)

Multiple vulnerabilities in Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system.

Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

Affected Products
Cisco TelePresence VCS releases prior to version 14.2.1

QID Detection Logic (Unauthenticated):
The check matches the version of Cisco TelePresence Video Communication Server exposed in the SIP banner against the affected range.

Note: This is a banner-based detection (the installed version is inferred from the advertised banner, not confirmed on the device), hence the QID is kept as Practice.

A successful exploit could allow the attacker to alter the passwords of any user on the system, including an administrative read-write user, and then impersonate that user.

  • CVSS V3 rated as Critical - 9.6 severity.
  • CVSS V2 rated as Medium - 5.5 severity.

Solution
Customers are advised to refer to cisco-sa-expressway-priv-esc-Ls2B9t7b for more information.

CVEs related to QID 38897
CVE-2023-20105

Software Advisories
Advisory ID: cisco-sa-expressway-priv-esc-Ls2B9t7b
Software Component: Cisco TelePresence Video Communication Server
Link: sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b