Rewterz Threat Advisory – CVE-2023-20188 – Cisco Small Business Switches Vulnerability
June 9, 2023
Severity
Medium
Analysis Summary
CVE-2023-20136 CVSS:4.3
Cisco Secure Workload could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper role-based access control (RBAC) of certain OpenAPI operations. By issuing a crafted OpenAPI function call with valid credentials, an attacker could exploit this vulnerability to execute OpenAPI operations that are reserved for the Administrator user.
CVE-2023-20116 CVSS:6.8
Cisco Unified Communications Manager is vulnerable to a denial of service, caused by insufficient validation of user-supplied input to the web UI of the Self Care Portal. By sending crafted HTTP input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Privilege Escalation
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-20136
- CVE-2023-20116
Affected Vendors
Cisco
Affected Products
- Cisco Secure Workload
- Cisco Unified Communications Manager (UCM)
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.