Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
CVE-2023-20108 CVSS:7.5
Cisco Unified CM IM&P is vulnerable to a denial of service, caused by improper validation of user-supplied input. By sending a specially crafted login message, a remote attacker could exploit this vulnerability to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating.
CVE-2023-20178 CVSS:7.8
Cisco AnyConnect Secure Mobility Client and Secure Client Software for Windows for Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by an improper permissions assignment to a temporary directory created during the upgrade process. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to execute code with SYSTEM privileges.
CVE-2023-20006 CVSS:8.6
Cisco Expressway Series and Cisco TelePresence VCS could allow a local authenticated attacker to gain elevated privileges on the system, caused by the incorrect implementation of user role permissions. By issuing commands normally reserved for administrators with read-write capabilities, an attacker could exploit this vulnerability to execute commands beyond the sphere of their intended access level, including modifying system configuration parameters.
CVE-2023-20192 CVSS:8.4
Cisco Expressway Series and Cisco TelePresence VCS could allow a local authenticated attacker to gain elevated privileges on the system, caused by the incorrect implementation of user role permissions. By issuing commands normally reserved for administrators with read-write capabilities, an attacker could exploit this vulnerability to execute commands beyond the sphere of their intended access level, including modifying system configuration parameters.
CVE-2023-20105 CVSS:9.6
Cisco Expressway Series and Cisco TelePresence VCS could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the incorrect handling of password change requests. By sending a specially crafted request to the web-based management interface, an attacker could exploit this vulnerability to alter the passwords of any user on the system, including an administrative read-write user, and then impersonate that user.
Cisco
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.