What is CVE-2023-20266?

CVE-2023-20266 is a medium-severity vulnerability in Cisco Emergency Responder, classified under Improper Verification of Cryptographic Signature. CVSS score: 6.5/10. Published 2023-08-30.

How severe is CVE-2023-20266?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Cisco Emergency Responder

CVE-2023-20266

A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, rem…

EPSS: 0.001 (22.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N.

Affected products

Cisco Emergency Responder — versions 12.5(1)SU4, 12.5(1)SU8a, 14SU3
Cisco Unified Communications Manager — versions 12.5(1)SU8
Cisco Unity Connection — versions 12.5(1)SU6, 12.5(1)SU7, 12.5(1)SU8

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

References

cisco-sa-cucm-priv-esc-D8Bky5eg

Frequently asked questions

What is CVE-2023-20266?: CVE-2023-20266 is a medium-severity vulnerability in Cisco Emergency Responder, classified under Improper Verification of Cryptographic Signature. CVSS score: 6.5/10. Published 2023-08-30.
How severe is CVE-2023-20266?: Medium severity. CVSS v3 base score is 6.5 out of 10.