May 24, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple VMware Aria Operations for Networks Vulnerabilities
June 8, 2023
Rewterz Threat Advisory – ICS: Delta Electronics CNCSoft-B DOPSoft Vulnerability
June 8, 2023
Rewterz Threat Advisory – Multiple VMware Aria Operations for Networks Vulnerabilities
June 8, 2023
Rewterz Threat Advisory – ICS: Delta Electronics CNCSoft-B DOPSoft Vulnerability
June 8, 2023
Severity
High
Analysis Summary
CVE-2023-20108 CVSS:7.5
Cisco Unified CM IM&P is vulnerable to a denial of service, caused by improper validation of user-supplied input. By sending a specially crafted login message, a remote attacker could exploit this vulnerability to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating.
CVE-2023-20178 CVSS:7.8
Cisco AnyConnect Secure Mobility Client and Secure Client Software for Windows for Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by an improper permissions assignment to a temporary directory created during the upgrade process. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to execute code with SYSTEM privileges.
CVE-2023-20006 CVSS:8.6
Cisco Expressway Series and Cisco TelePresence VCS could allow a local authenticated attacker to gain elevated privileges on the system, caused by the incorrect implementation of user role permissions. By issuing commands normally reserved for administrators with read-write capabilities, an attacker could exploit this vulnerability to execute commands beyond the sphere of their intended access level, including modifying system configuration parameters.
CVE-2023-20192 CVSS:8.4
Cisco Expressway Series and Cisco TelePresence VCS could allow a local authenticated attacker to gain elevated privileges on the system, caused by the incorrect implementation of user role permissions. By issuing commands normally reserved for administrators with read-write capabilities, an attacker could exploit this vulnerability to execute commands beyond the sphere of their intended access level, including modifying system configuration parameters.
CVE-2023-20105 CVSS:9.6
Cisco Expressway Series and Cisco TelePresence VCS could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the incorrect handling of password change requests. By sending a specially crafted request to the web-based management interface, an attacker could exploit this vulnerability to alter the passwords of any user on the system, including an administrative read-write user, and then impersonate that user.
Impact
- Denial of Service
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-20108
- CVE-2023-20178
- CVE-2023-20006
- CVE-2023-20192
- CVE-2023-20105
Affected Vendors
Cisco
Affected Products
- Cisco TelePresence VCS Release 14
- Cisco Firepower Threat Defense Software 7.2.3
- Cisco Firepower Threat Defense Software 7.2.2
- Cisco Adaptive Security Appliance Software 9.18.2.5
- Cisco Firepower Threat Defense Software 7.2.1
- Cisco Adaptive Security Appliance Software 9.18.2
- Cisco Adaptive Security Appliance Software 9.16.4
- Cisco Secure Client Software for Windows
- Cisco AnyConnect Secure Mobility Client Software for Window
- Cisco Unified Communications Manager IM & Presence Service
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.