CVE-2023-20209 - OpenCVE

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation PoC

Automatable No

Technical Impact Total

Vendors	Products
Cisco	Telepresence Video Communication Server

Configuration 1 [-]

OR	cpe:2.3:a:cisco:telepresence_video_communication_server::::::::
	cpe:2.3:a:cisco:telepresence_video_communication_server:::::expressway:::*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ

History

Wed, 23 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'No', 'Exploitation': 'PoC', 'Technical Impact': 'Total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-08-16T20:59:41.848Z

Updated: 2024-10-23T19:42:07.029Z

Reserved: 2022-10-27T18:47:50.367Z

Link: CVE-2023-20209

Vulnrichment

Updated: 2024-08-02T09:05:35.876Z

NVD

Status : Modified

Published: 2023-08-16T21:15:09.650

Modified: 2024-01-25T17:15:36.170

Link: CVE-2023-20209

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20209", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.367Z", "datePublished": "2023-08-16T20:59:41.848Z", "dateUpdated": "2024-10-23T19:42:07.029Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:58:00.269Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges."}], "affected": [{"vendor": "Cisco", "product": "Cisco TelePresence Video Communication Server (VCS) Expressway", "versions": [{"version": "X8.5.1", "status": "affected"}, {"version": "X8.5.3", "status": "affected"}, {"version": "X8.5", "status": "affected"}, {"version": "X8.6.1", "status": "affected"}, {"version": "X8.6", "status": "affected"}, {"version": "X8.1.1", "status": "affected"}, {"version": "X8.1.2", "status": "affected"}, {"version": "X8.1", "status": "affected"}, {"version": "X8.2.1", "status": "affected"}, {"version": "X8.2.2", "status": "affected"}, {"version": "X8.2", "status": "affected"}, {"version": "X8.7.1", "status": "affected"}, {"version": "X8.7.2", "status": "affected"}, {"version": "X8.7.3", "status": "affected"}, {"version": "X8.7", "status": "affected"}, {"version": "X8.8.1", "status": "affected"}, {"version": "X8.8.2", "status": "affected"}, {"version": "X8.8.3", "status": "affected"}, {"version": "X8.8", "status": "affected"}, {"version": "X8.9.1", "status": "affected"}, {"version": "X8.9.2", "status": "affected"}, {"version": "X8.9", "status": "affected"}, {"version": "X8.10.0", "status": "affected"}, {"version": "X8.10.1", "status": "affected"}, {"version": "X8.10.2", "status": "affected"}, {"version": "X8.10.3", "status": "affected"}, {"version": "X8.10.4", "status": "affected"}, {"version": "X12.5.8", "status": "affected"}, {"version": "X12.5.9", "status": "affected"}, {"version": "X12.5.0", "status": "affected"}, {"version": "X12.5.2", "status": "affected"}, {"version": "X12.5.7", "status": "affected"}, {"version": "X12.5.3", "status": "affected"}, {"version": "X12.5.4", "status": "affected"}, {"version": "X12.5.5", "status": "affected"}, {"version": "X12.5.1", "status": "affected"}, {"version": "X12.5.6", "status": "affected"}, {"version": "X12.6.0", "status": "affected"}, {"version": "X12.6.1", "status": "affected"}, {"version": "X12.6.2", "status": "affected"}, {"version": "X12.6.3", "status": "affected"}, {"version": "X12.6.4", "status": "affected"}, {"version": "X12.7.0", "status": "affected"}, {"version": "X12.7.1", "status": "affected"}, {"version": "X8.11.1", "status": "affected"}, {"version": "X8.11.2", "status": "affected"}, {"version": "X8.11.4", "status": "affected"}, {"version": "X8.11.3", "status": "affected"}, {"version": "X8.11.0", "status": "affected"}, {"version": "X14.0.1", "status": "affected"}, {"version": "X14.0.3", "status": "affected"}, {"version": "X14.0.2", "status": "affected"}, {"version": "X14.0.4", "status": "affected"}, {"version": "X14.0.5", "status": "affected"}, {"version": "X14.0.6", "status": "affected"}, {"version": "X14.0.7", "status": "affected"}, {"version": "X14.0.8", "status": "affected"}, {"version": "X14.0.9", "status": "affected"}, {"version": "X14.0.10", "status": "affected"}, {"version": "X14.0.11", "status": "affected"}, {"version": "X14.2.1", "status": "affected"}, {"version": "X14.2.2", "status": "affected"}, {"version": "X14.2.5", "status": "affected"}, {"version": "X14.2.6", "status": "affected"}, {"version": "X14.2.0", "status": "affected"}, {"version": "X14.2.7", "status": "affected"}, {"version": "X14.3.0", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Control of Generation of Code ('Code Injection')", "type": "cwe", "cweId": "CWE-94"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ", "name": "cisco-sa-expressway-injection-X475EbTQ"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-expressway-injection-X475EbTQ", "discovery": "EXTERNAL", "defects": ["CSCwf57215"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:05:35.876Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ", "name": "cisco-sa-expressway-injection-X475EbTQ", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2023-11-15T16:37:47.108582Z", "id": "CVE-2023-20209", "options": [{"Exploitation": "PoC"}, {"Automatable": "No"}, {"Technical Impact": "Total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T19:42:07.029Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ", "name": "cisco-sa-expressway-injection-X475EbTQ", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:05:35.876Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-20209", "role": "CISA Coordinator", "options": [{"Exploitation": "PoC"}, {"Automatable": "No"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2023-11-15T16:37:47.108582Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T18:56:38.750Z"}}], "cna": {"source": {"defects": ["CSCwf57215"], "advisory": "cisco-sa-expressway-injection-X475EbTQ", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco TelePresence Video Communication Server (VCS) Expressway", "versions": [{"status": "affected", "version": "X8.5.1"}, {"status": "affected", "version": "X8.5.3"}, {"status": "affected", "version": "X8.5"}, {"status": "affected", "version": "X8.6.1"}, {"status": "affected", "version": "X8.6"}, {"status": "affected", "version": "X8.1.1"}, {"status": "affected", "version": "X8.1.2"}, {"status": "affected", "version": "X8.1"}, {"status": "affected", "version": "X8.2.1"}, {"status": "affected", "version": "X8.2.2"}, {"status": "affected", "version": "X8.2"}, {"status": "affected", "version": "X8.7.1"}, {"status": "affected", "version": "X8.7.2"}, {"status": "affected", "version": "X8.7.3"}, {"status": "affected", "version": "X8.7"}, {"status": "affected", "version": "X8.8.1"}, {"status": "affected", "version": "X8.8.2"}, {"status": "affected", "version": "X8.8.3"}, {"status": "affected", "version": "X8.8"}, {"status": "affected", "version": "X8.9.1"}, {"status": "affected", "version": "X8.9.2"}, {"status": "affected", "version": "X8.9"}, {"status": "affected", "version": "X8.10.0"}, {"status": "affected", "version": "X8.10.1"}, {"status": "affected", "version": "X8.10.2"}, {"status": "affected", "version": "X8.10.3"}, {"status": "affected", "version": "X8.10.4"}, {"status": "affected", "version": "X12.5.8"}, {"status": "affected", "version": "X12.5.9"}, {"status": "affected", "version": "X12.5.0"}, {"status": "affected", "version": "X12.5.2"}, {"status": "affected", "version": "X12.5.7"}, {"status": "affected", "version": "X12.5.3"}, {"status": "affected", "version": "X12.5.4"}, {"status": "affected", "version": "X12.5.5"}, {"status": "affected", "version": "X12.5.1"}, {"status": "affected", "version": "X12.5.6"}, {"status": "affected", "version": "X12.6.0"}, {"status": "affected", "version": "X12.6.1"}, {"status": "affected", "version": "X12.6.2"}, {"status": "affected", "version": "X12.6.3"}, {"status": "affected", "version": "X12.6.4"}, {"status": "affected", "version": "X12.7.0"}, {"status": "affected", "version": "X12.7.1"}, {"status": "affected", "version": "X8.11.1"}, {"status": "affected", "version": "X8.11.2"}, {"status": "affected", "version": "X8.11.4"}, {"status": "affected", "version": "X8.11.3"}, {"status": "affected", "version": "X8.11.0"}, {"status": "affected", "version": "X14.0.1"}, {"status": "affected", "version": "X14.0.3"}, {"status": "affected", "version": "X14.0.2"}, {"status": "affected", "version": "X14.0.4"}, {"status": "affected", "version": "X14.0.5"}, {"status": "affected", "version": "X14.0.6"}, {"status": "affected", "version": "X14.0.7"}, {"status": "affected", "version": "X14.0.8"}, {"status": "affected", "version": "X14.0.9"}, {"status": "affected", "version": "X14.0.10"}, {"status": "affected", "version": "X14.0.11"}, {"status": "affected", "version": "X14.2.1"}, {"status": "affected", "version": "X14.2.2"}, {"status": "affected", "version": "X14.2.5"}, {"status": "affected", "version": "X14.2.6"}, {"status": "affected", "version": "X14.2.0"}, {"status": "affected", "version": "X14.2.7"}, {"status": "affected", "version": "X14.3.0"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ", "name": "cisco-sa-expressway-injection-X475EbTQ"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-94", "description": "Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:58:00.269Z"}}}, "cveMetadata": {"cveId": "CVE-2023-20209", "state": "PUBLISHED", "dateUpdated": "2024-10-23T19:42:07.029Z", "dateReserved": "2022-10-27T18:47:50.367Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2023-08-16T20:59:41.848Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "0840F942-9484-461E-8F07-5691CD8E75DC", "versionEndExcluding": "14.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:expressway:*:*:*", "matchCriteriaId": "B55E57CE-7762-418D-B85D-19EF29429623", "versionEndExcluding": "14.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges."}], "id": "CVE-2023-20209", "lastModified": "2024-01-25T17:15:36.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2023-08-16T21:15:09.650", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}