- 249/2023
- Critical
Cisco has released security updates to fix several vulnerabilities across multiple products.
The addressed vulnerabilities could allow the attacker to execute arbitrary commands, gain elevated privileges, gain access to the affected products, or perform denial of service attacks by sending a specially crafted HTTP request to a specific API.
Sample of the addressed vulnerabilities:
1. Cisco Emergency Responder Static Credentials (CVE-2023-20101):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Cisco Unified Communications Products Denial of Service (CVE-2023-20259):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Privileges
Vulnerabilities
- CVE-2023-20101
- CVE-2023-20235
- CVE-2023-20259
- CVE-2021-1572
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.