- 18/2023
- High
Cisco has released security updates to address several vulnerabilities in multiple Cisco products.
The released security updates fix several vulnerabilities affecting multiple Cisco products such as Cisco (Unified CM) and (Unified CM SME) and Email Security Appliance (ESA).
The severity of the addressed vulnerability in the web-based management interface could allow the remote attacker to bypass security restrictions, conduct SQL injection attacks, send crafted SQL queries, and read or modify any data or elevate privileges on the affected system.
Sample of the addressed vulnerabilities:
Cisco Unified Communications Manager SQL Injection (CVE-2023-20010):
• CVSS: 8.1
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: None
• Consequences: Data Manipulation
Vulnerabilities
- CVE-2023-20010
- CVE-2023-20057
- CVE-2022-20806
- CVE-2022-20807
- CVE-2022-20809
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.