February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2023-40684- IBM Content Navigator Vulnerability
October 5, 2023Rewterz Threat Update – New Linux Vulnerability ‘Looney Tunables’ Allows Privilege Escalation on Major Distributions
October 5, 2023Rewterz Threat Advisory – CVE-2023-40684- IBM Content Navigator Vulnerability
October 5, 2023Rewterz Threat Update – New Linux Vulnerability ‘Looney Tunables’ Allows Privilege Escalation on Major Distributions
October 5, 2023
Severity
High
Analysis Summary
CVE-2023-20235 CVSS:6.5
Cisco IOS XE Software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the application development mode. By sending a specially crafted request using the Docker CLI, an authenticated attacker could exploit this vulnerability to gain access the underlying operating system as the root user.
CVE-2023-20259 CVSS:8.6
Cisco Unified Communications Products are vulnerable to a denial of service, caused by improper API authentication and incomplete validation of the API request. By sending a specially crafted HTTP request to a specific API, a remote attacker could exploit this vulnerability to cause a high CPU utilization, and results in denial of service condition.
CVE-2023-20101 CVSS:9.8
Cisco Emergency Responder could allow a remote attacker to execute arbitrary commands on the system, caused by the presence of static user credentials for the root account that are typically reserved for use during development. By using the account to log in to an affected system, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Denial of Service
- Gain access
Indicators Of Compromise
CVE
- CVE-2023-20235
- CVE-2023-20259
- CVE-2023-20101
Affected Vendors
Cisco
Affected Products
- Cisco Embedded Services 3300 Series Switches
- Cisco Catalyst IR8300 Rugged Series Routers
- Cisco Catalyst IE3x00 Rugged Series Switches
- Cisco Catalyst IR1100 Rugged Series Routers
- Cisco Catalyst IR1800 Rugged Series Routers
- Cisco Catalyst IR8100 Heavy Duty Series Routers
- Cisco Emergency Responder
- Cisco Prime Collaboration Deployment
- Cisco Emergency Responder 12.5(1)SU4
- Cisco Unified Communications Manager
- Cisco Unified Communications Manager Session Management Edition
- Cisco Unity Connection
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.
Cisco Security Advisory cisco-sa-rdocker-uATbukKn