Cisco recently released patches for a significant vulnerability in its Expressway series and TelePresence VCS collaboration and video communication solutions. This vulnerability, identified as CVE-2023-20105 with a CVSS score of 9.6, enables an administrator with ‘read-only’ permissions to raise their privileges to ‘read-write.’
The vulnerability stems from a mishandling of password change requests: an attacker authenticated as a ‘read-only’ administrator can exploit the flaw by submitting a carefully crafted request to change any user account’s password. This includes the ability to change the password of a ‘read-write’ administrator and assume their identity.