CVE-2023-20116 (GCVE-0-2023-20116)
Vulnerability from cvelistv5 – Published: 2023-06-28 00:00 – Updated: 2024-08-02 08:57
VLAI?
Summary
A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
Severity ?
6.8 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Unified Communications Manager |
Affected:
12.0(1)SU1
Affected: 12.0(1)SU2 Affected: 12.0(1)SU3 Affected: 12.0(1)SU4 Affected: 12.0(1)SU5 Affected: 12.5(1) Affected: 12.5(1)SU1 Affected: 12.5(1)SU2 Affected: 12.5(1)SU3 Affected: 12.5(1)SU4 Affected: 12.5(1)SU5 Affected: 12.5(1)SU6 Affected: 12.5(1)SU7 Affected: 12.5(1)SU7a Affected: 14 Affected: 14SU1 Affected: 14SU2 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cucm-dos-4Ag3yWbD",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.0(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)SU2"
},
{
"status": "affected",
"version": "12.0(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)SU4"
},
{
"status": "affected",
"version": "12.0(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "12.5(1)SU7a"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
}
]
},
{
"product": "Cisco Unified Communications Manager / Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(2)SU10"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)SU1a"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(2)SU5"
},
{
"status": "affected",
"version": "10.5(2)SU6"
},
{
"status": "affected",
"version": "10.5(2)SU7"
},
{
"status": "affected",
"version": "10.5(2)SU8"
},
{
"status": "affected",
"version": "10.5(2)SU9"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU3a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU6a"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1a)"
},
{
"status": "affected",
"version": "11.0(1a)SU1"
},
{
"status": "affected",
"version": "11.0(1a)SU2"
},
{
"status": "affected",
"version": "11.0(1a)SU3"
},
{
"status": "affected",
"version": "11.0(1a)SU3a"
},
{
"status": "affected",
"version": "11.0(1a)SU4"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.0.5"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU3b"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "10.0(1)SU2"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:46.482Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-dos-4Ag3yWbD",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD"
}
],
"source": {
"advisory": "cisco-sa-cucm-dos-4Ag3yWbD",
"defects": [
"CSCwe43377"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20116",
"datePublished": "2023-06-28T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-08-02T08:57:35.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(1.10000.6\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21BFC3A9-B6B1-49EE-A93A-6432BFE33E84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(1.10000.6\\\\):*:*:*:session_management:*:*:*\", \"matchCriteriaId\": \"D08CC27A-6320-45C4-82AA-66AC316D6C3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:12.0\\\\(1.10000.10\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BA185BB-D78F-4F4E-B248-9AF550F0C4E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:12.0\\\\(1.10000.10\\\\):*:*:*:session_management:*:*:*\", \"matchCriteriaId\": \"13A5DB3B-B62D-4E66-9D56-A1E54B1A9AEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:12.5\\\\(1.10000.22\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEEEA592-F8A1-41F2-B152-87F0A9B6087E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:12.5\\\\(1.10000.22\\\\):*:*:*:session_management:*:*:*\", \"matchCriteriaId\": \"4F504F7A-FA4C-4CA1-8CAE-417ABD900C85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:14.0\\\\(1.10000.20\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4B25936-F690-4A75-9704-39AE7A285B86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:14.0\\\\(1.10000.20\\\\):*:*:*:session_management:*:*:*\", \"matchCriteriaId\": \"60DA9958-C2A8-4F9D-98B1-617C87A09DF1\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\\r\\n\\r This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.\"}]",
"id": "CVE-2023-20116",
"lastModified": "2024-11-21T07:40:35.597",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 3.6}]}",
"published": "2023-06-28T15:15:09.640",
"references": "[{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-835\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-835\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-20116\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2023-06-28T15:15:09.640\",\"lastModified\":\"2024-11-21T07:40:35.597\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\\r\\n\\r This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(1.10000.6\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21BFC3A9-B6B1-49EE-A93A-6432BFE33E84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:11.5\\\\(1.10000.6\\\\):*:*:*:session_management:*:*:*\",\"matchCriteriaId\":\"D08CC27A-6320-45C4-82AA-66AC316D6C3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:12.0\\\\(1.10000.10\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BA185BB-D78F-4F4E-B248-9AF550F0C4E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:12.0\\\\(1.10000.10\\\\):*:*:*:session_management:*:*:*\",\"matchCriteriaId\":\"13A5DB3B-B62D-4E66-9D56-A1E54B1A9AEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:12.5\\\\(1.10000.22\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEEEA592-F8A1-41F2-B152-87F0A9B6087E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:12.5\\\\(1.10000.22\\\\):*:*:*:session_management:*:*:*\",\"matchCriteriaId\":\"4F504F7A-FA4C-4CA1-8CAE-417ABD900C85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:14.0\\\\(1.10000.20\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4B25936-F690-4A75-9704-39AE7A285B86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:14.0\\\\(1.10000.20\\\\):*:*:*:session_management:*:*:*\",\"matchCriteriaId\":\"60DA9958-C2A8-4F9D-98B1-617C87A09DF1\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…