CVE-2023-20116
First published: Wed Jun 28 2023(Updated: )
A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager | =11.5\(1.10000.6\) | |
| Cisco Unified Communications Manager | =11.5\(1.10000.6\) | |
| Cisco Unified Communications Manager | =12.0\(1.10000.10\) | |
| Cisco Unified Communications Manager | =12.0\(1.10000.10\) | |
| Cisco Unified Communications Manager | =12.5\(1.10000.22\) | |
| Cisco Unified Communications Manager | =12.5\(1.10000.22\) | |
| Cisco Unified Communications Manager | =14.0\(1.10000.20\) | |
| Cisco Unified Communications Manager | =14.0\(1.10000.20\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-20116.
What is the title of the vulnerability?
The title of the vulnerability is 'A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME).'
What is the severity level of CVE-2023-20116?
The severity level of CVE-2023-20116 is medium with a severity value of 5.7.
Which software versions are affected by CVE-2023-20116?
Cisco Unified Communications Manager versions 11.5(1.10000.6), 12.0(1.10000.10), 12.5(1.10000.22), and 14.0(1.10000.20) are affected.
How can an authenticated, remote attacker exploit CVE-2023-20116?
An authenticated, remote attacker could exploit CVE-2023-20116 to cause a denial of service (DoS) condition on an affected system.
- agent/type
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco unified communications manager
- version/cisco unified communications manager/11.5\(1.10000.6\)
- version/cisco unified communications manager/12.0\(1.10000.10\)
- version/cisco unified communications manager/12.5\(1.10000.22\)
- version/cisco unified communications manager/14.0\(1.10000.20\)