Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
08-Jun-23
In its Motorway series and TelePresence Video Communication Server enterprise collaboration and video communication systems, Cisco on Wednesday disclosed updates for a severe vulnerability. The vulnerability, identified as CVE-2023-20105, enables an administrator with’read-only’ rights to gain access to’read-write’ privileges.
Due to a flaw in how password change requests are handled, it is possible for an attacker to send a crafted request to change the password for any user account on the system, including that of a “read-write” administrator, and then assume their identity.
