Unrated severityNVD Advisory· Published Aug 16, 2023· Updated Dec 16, 2025

CVE-2023-20209

Description

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A command injection vulnerability in Cisco Expressway Series and TelePresence VCS allows authenticated read-write users to execute arbitrary commands as root via crafted requests to the web management interface.

Vulnerability

A command injection vulnerability exists in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). The issue is due to insufficient validation of user-supplied input. Affected versions include those running vulnerable releases of Cisco Expressway Series and Cisco TelePresence VCS with the Automatic Certification Revocation Lists (CRL) updates feature enabled. This feature is disabled by default, but an attacker with read-write privileges can enable it. [1]

Exploitation

An attacker must have authenticated read-write privileges on the application. The Automatic CRL updates feature must be enabled (the attacker can enable it if they have the required privileges). The attacker then sends a crafted request to the web-based management interface, which triggers the command injection. [1]

Impact

Successful exploitation allows the attacker to establish a remote shell with root privileges, resulting in full compromise of the affected device, including the ability to execute arbitrary commands. [1]

Mitigation

Cisco has released software updates that address this vulnerability. No workarounds are available. Users should upgrade to a fixed version as specified in the Cisco Security Advisory. [1]

References

Cisco Security Advisory: Cisco Expressway Series and Cisco TelePresence Video Communication Server Command Injection Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Telepresence Video Communication Serverllm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: X8.5.1
Cisco Systems, Inc./Expressway Seriesllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.027
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000