QID 38898
Date Published: 2023-06-08
QID 38898: Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities (cisco-sa-expressway-priv-esc-Ls2B9t7b) (CVE-2023-20192)
A vulnerability in the privilege management functionality of Cisco Expressway Series and Cisco TelePresence VCS could allow an authenticated, local attacker with Administrator-level read-only CLI credentials to elevate their privileges to Administrator with read-write credentials on an affected system.
Affected Products
Cisco TelePresence VCS releases prior to version 14.3.0
QID Detection Logic (Unauthenticated):
The check matches the version of Cisco TelePresence Video Communication Server against the banner information exposed in the SIP banner.
Note: This is a banner-based detection and cannot check for a workaround; hence the QID is kept as practice.
A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including modifying system configuration parameters.
Customers are advised to refer to cisco-sa-expressway-priv-esc-Ls2B9t7b for more information.
- cisco-sa-expressway-priv-esc-Ls2B9t7b - sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b
CVEs related to QID 38898
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-expressway-priv-esc-Ls2B9t7b | | | |