CVSS 3.1 Score 8.6 of 10 (high)


Published Oct 4, 2023
Updated: Jan 25, 2024
CWE ID 400


CVE-2023-20259 is a vulnerability found in the API endpoint of multiple Cisco Unified Communications Products. It allows an unauthenticated, remote attacker to cause high CPU utilization, potentially impacting access to the web-based management interface and causing delays with call processing. The vulnerability arises from improper API authentication and incomplete validation of API requests. To exploit this vulnerability, the attacker needs to send a crafted HTTP request to a specific API on the affected device. Successful exploitation can result in a denial of service (DoS) condition, affecting user traffic and management access. However, once the attack ceases, the device will recover without manual intervention. This vulnerability has a high severity rating and a CVSS score of 8.6. The affected products include qO3iWn, uR4vYO, tzob-y, tzob-z, qO3iWo, tzob-2, tzob-3, tzob-0, and tzob-1. Organizations should apply security patches or updates provided by Cisco to remediate this vulnerability promptly.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-20259 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options