Unrated severityNVD Advisory· Published Oct 4, 2023· Updated Aug 2, 2024

CVE-2023-20259

Description

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Cisco Systems, Inc./Unified Communications Productsllm-create
Cisco Systems, Inc./Emergency Respondercpe-rescue
Range: 12.5(1)SU7
Cisco Systems, Inc./Prime Collaboration Deploymentcpe-rescue
Range: 14SU3
Cisco Systems, Inc./Unified Communications Managercpe-rescue
Range: 12.5(1)SU7
Cisco Systems, Inc./Unified Communications Manager Im And Presence Servicecpe-rescue
Range: 12.5(1)SU7
Cisco Systems, Inc./Unity Connectioncpe-rescue
Range: 14SU3

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNFmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000