What is CVE-2023-20116?

CVE-2023-20116 is a medium-severity vulnerability in Cisco Unified Communications Manager, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 6.8/10. Published 2023-06-28.

How severe is CVE-2023-20116?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Cisco Unified Communications Manager

CVE-2023-20116

A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote…

EPSS: 0.005 (66.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H.

Affected products

Cisco Unified Communications Manager — versions 12.0(1)SU1, 12.0(1)SU2, 12.0(1)SU3
Cisco Unified Communications Manager / Unity Connection — versions 10.5(2)SU10, 10.5(1), 10.5(1)SU1

Weakness classification (CWE)

CWE-835 — Loop with Unreachable Exit Condition (Infinite Loop)

References

cisco-sa-cucm-dos-4Ag3yWbD

Frequently asked questions

What is CVE-2023-20116?: CVE-2023-20116 is a medium-severity vulnerability in Cisco Unified Communications Manager, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 6.8/10. Published 2023-06-28.
How severe is CVE-2023-20116?: Medium severity. CVSS v3 base score is 6.8 out of 10.