
Cisco Releases Security Updates for Multiple Products

Security updates address one Critical, three High and three Medium severity vulnerabilities in Expressway Series, Cisco TelePresence Video Communication Server, and other products




Threat details

Introduction

Cisco has released security updates to address one Critical, three High and three Medium severity vulnerabilities in Expressway Series, Cisco TelePresence Video Communication Server, and other products.

The Critical severity advisory covers both CVE-2023-20105 and CVE-2023-20192, which could allow an authenticated attacker with Administrator-level read-only credentials to escalate privileges to Administrator with read-write credentials on an affected system.

A High severity vulnerability in the client update feature of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could also allow a low-privileged, authenticated, local attacker to escalate privileges.


Remediation advice

Affected organisations are encouraged to review the following Cisco Security Advisories for more information.


Remediation steps

Type: Patch
Step: Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b

Type: Patch
Step: Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT

Type: Patch
Step: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 2100 Series Appliances SSL/TLS Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-uu7mV5p6

Type: Patch
Step: Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw

Type: Guidance
Step: Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Stored Cross-Site Scripting Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-sxss-OPYJZUmE

Type: Patch
Step: Cisco Unified Communications Manager Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD

Type: Patch
Step: Cisco Secure Workload Authenticated OpenAPI Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-auth-openapi-kTndjdNX


Last edited: 8 June 2023 3:29 pm