Description
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges.
Published: 2023-08-16
Score: 6.5 Medium
EPSS: 34.3% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 17 Dec 2025 05:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'No', 'Exploitation': 'PoC', 'Technical Impact': 'Total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 23 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'No', 'Exploitation': 'PoC', 'Technical Impact': 'Total'}, 'version': '2.0.3'}

Subscriptions

Cisco Telepresence Video Communication Server
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2025-12-16T18:23:20.308Z

Reserved: 2022-10-27T18:47:50.367Z

Link: CVE-2023-20209

cve-icon Vulnrichment

Updated: 2024-08-02T09:05:35.876Z

cve-icon NVD

Status : Modified

Published: 2023-08-16T21:15:09.650

Modified: 2024-11-21T07:40:50.800

Link: CVE-2023-20209

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses