Vulnerability Bulletins

Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities

System information
   
Affected software Cisco

Description
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the

More info:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Expressway%20Series%20and%20Cisco%20TelePresence%20Video%20Communication%20Server%20Privilege%20Escalation%20Vulnerabilities&vs_k=1

Standar resources
Property Value
CVE CVE-2023-20105 and CVE-2023-20192.

Version history
Version Comments Date
1.0 Advisory issued 2023-06-08
Ministerio de Defensa
CNI
CCN
CCN-CERT