CVE-2023-20259

Summary

CVE-2023-20259 is a vulnerability found in the API endpoint of multiple Cisco Unified Communications Products. It allows an unauthenticated, remote attacker to cause high CPU utilization, potentially impacting access to the web-based management interface and causing delays with call processing. The vulnerability arises from improper API authentication and incomplete validation of API requests. To exploit this vulnerability, the attacker needs to send a crafted HTTP request to a specific API on the affected device. Successful exploitation can result in a denial of service (DoS) condition, affecting user traffic and management access. However, once the attack ceases, the device will recover without manual intervention. This vulnerability has a high severity rating and a CVSS score of 8.6. The affected products include qO3iWn, uR4vYO, tzob-y, tzob-z, qO3iWo, tzob-2, tzob-3, tzob-0, and tzob-1. Organizations should apply security patches or updates provided by Cisco to remediate this vulnerability promptly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.