Cisco has issued fixes for critical and high-severity vulnerabilities impacting its Expressway Series and TelePresence Video Communication Server enterprise collaboration and video communication offerings, according to SecurityWeek.
The critical flaw, CVE-2023-20105, stems from improper handling of password change requests and could have been exploited by threat actors to facilitate privilege escalation for admins with "read-only" permissions, while the high-severity CVE-2023-20192 bug could also be leveraged to escalate privileges, said Cisco.
"This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a read-only CLI administrator and issuing commands normally reserved for administrators with read-write capabilities," Cisco added.
Cisco has also issued additional patches for high-severity denial-of-service flaws impacting Unified Communications Manager IM & Presence service and Firepower 2100 series appliances, a high-severity code execution vulnerability impacting AnyConnect Secure Mobility Client and Secure Client software for Windows, and medium-severity flaws in Unified Communications Manager Session Management Edition and Unified Communications Manager.