Lucene search

CiscoCVE-2023-20008

HistoryJan 20, 2023 - 7:15 a.m.

CVE-2023-20008

2023-01-2007:15:13

CWE-59

cisco

web.nvd.nist.gov

cisco

telepresence

roomos

software

vulnerability

authenticated

local attacker

overwrite

arbitrary files

nvd

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device.

This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.

Affected configurations

Nvd

Node

ciscoroomosMatch10.3.2.0

ciscoroomosMatch10.3.4.0

ciscoroomosMatch10.8.2.5

ciscoroomosMatch10.8.4.0

ciscoroomosMatch10.11.3.0

ciscoroomosMatch10.11.5.2

ciscoroomosMatch10.15.3.0

Node

ciscotelepresence_collaboration_endpointMatch8.0.0

ciscotelepresence_collaboration_endpointMatch8.0.1

ciscotelepresence_collaboration_endpointMatch8.1.0

ciscotelepresence_collaboration_endpointMatch8.1.1

ciscotelepresence_collaboration_endpointMatch8.2.0

ciscotelepresence_collaboration_endpointMatch8.2.1

ciscotelepresence_collaboration_endpointMatch8.2.2

ciscotelepresence_collaboration_endpointMatch8.3.0

ciscotelepresence_collaboration_endpointMatch8.3.1

ciscotelepresence_collaboration_endpointMatch8.3.2

ciscotelepresence_collaboration_endpointMatch8.3.3

ciscotelepresence_collaboration_endpointMatch8.3.5

ciscotelepresence_collaboration_endpointMatch8.3.6

ciscotelepresence_collaboration_endpointMatch9.0.1

ciscotelepresence_collaboration_endpointMatch9.1.1

ciscotelepresence_collaboration_endpointMatch9.1.2

ciscotelepresence_collaboration_endpointMatch9.1.3

ciscotelepresence_collaboration_endpointMatch9.1.4

ciscotelepresence_collaboration_endpointMatch9.1.5

ciscotelepresence_collaboration_endpointMatch9.1.6

ciscotelepresence_collaboration_endpointMatch9.2.1

ciscotelepresence_collaboration_endpointMatch9.2.2

ciscotelepresence_collaboration_endpointMatch9.2.3

ciscotelepresence_collaboration_endpointMatch9.2.4

ciscotelepresence_collaboration_endpointMatch9.9.3

ciscotelepresence_collaboration_endpointMatch9.9.4

ciscotelepresence_collaboration_endpointMatch9.10.1

ciscotelepresence_collaboration_endpointMatch9.10.2

ciscotelepresence_collaboration_endpointMatch9.10.3

ciscotelepresence_collaboration_endpointMatch9.12.3

ciscotelepresence_collaboration_endpointMatch9.12.4

ciscotelepresence_collaboration_endpointMatch9.12.5

ciscotelepresence_collaboration_endpointMatch9.13.0

ciscotelepresence_collaboration_endpointMatch9.13.1

ciscotelepresence_collaboration_endpointMatch9.13.2

ciscotelepresence_collaboration_endpointMatch9.13.3

ciscotelepresence_collaboration_endpointMatch9.14.3

ciscotelepresence_collaboration_endpointMatch9.14.4

ciscotelepresence_collaboration_endpointMatch9.14.5

ciscotelepresence_collaboration_endpointMatch9.14.6

ciscotelepresence_collaboration_endpointMatch9.15.0.10

ciscotelepresence_collaboration_endpointMatch9.15.0.11

ciscotelepresence_collaboration_endpointMatch9.15.3.25

ciscotelepresence_collaboration_endpointMatch9.15.3.26

ciscotelepresence_collaboration_endpointMatch9.15.8.12

ciscotelepresence_collaboration_endpointMatch9.15.10.8

ciscotelepresence_collaboration_endpointMatch9.15.13.0

Node

ciscotelepresence_tcMatch7.3.5

ciscotelepresence_tcMatch7.3.6

ciscotelepresence_tcMatch7.3.7

ciscotelepresence_tcMatch7.3.9

ciscotelepresence_tcMatch7.3.13

ciscotelepresence_tcMatch7.3.21

VendorProductVersionCPE
ciscoroomos10.3.2.0cpe:2.3:o:cisco:roomos:10.3.2.0:*:*:*:*:*:*:*
ciscoroomos10.3.4.0cpe:2.3:o:cisco:roomos:10.3.4.0:*:*:*:*:*:*:*
ciscoroomos10.8.2.5cpe:2.3:o:cisco:roomos:10.8.2.5:*:*:*:*:*:*:*
ciscoroomos10.8.4.0cpe:2.3:o:cisco:roomos:10.8.4.0:*:*:*:*:*:*:*
ciscoroomos10.11.3.0cpe:2.3:o:cisco:roomos:10.11.3.0:*:*:*:*:*:*:*
ciscoroomos10.11.5.2cpe:2.3:o:cisco:roomos:10.11.5.2:*:*:*:*:*:*:*
ciscoroomos10.15.3.0cpe:2.3:o:cisco:roomos:10.15.3.0:*:*:*:*:*:*:*
ciscotelepresence_collaboration_endpoint8.0.0cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.0:*:*:*:*:*:*:*
ciscotelepresence_collaboration_endpoint8.0.1cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.1:*:*:*:*:*:*:*
ciscotelepresence_collaboration_endpoint8.1.0cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	roomos	10.3.2.0	cpe:2.3:o:cisco:roomos:10.3.2.0:::::::*
cisco	roomos	10.3.4.0	cpe:2.3:o:cisco:roomos:10.3.4.0:::::::*
cisco	roomos	10.8.2.5	cpe:2.3:o:cisco:roomos:10.8.2.5:::::::*
cisco	roomos	10.8.4.0	cpe:2.3:o:cisco:roomos:10.8.4.0:::::::*
cisco	roomos	10.11.3.0	cpe:2.3:o:cisco:roomos:10.11.3.0:::::::*
cisco	roomos	10.11.5.2	cpe:2.3:o:cisco:roomos:10.11.5.2:::::::*
cisco	roomos	10.15.3.0	cpe:2.3:o:cisco:roomos:10.15.3.0:::::::*
cisco	telepresence_collaboration_endpoint	8.0.0	cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.0:::::::*
cisco	telepresence_collaboration_endpoint	8.0.1	cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.1:::::::*
cisco	telepresence_collaboration_endpoint	8.1.0	cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.0:::::::*

Rows per page:

1-10 of 601

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco RoomOS Software",
    "versions": [
      {
        "version": "RoomOS 10.3.2.0",
        "status": "affected"
      },
      {
        "version": "RoomOS 10.3.4.0",
        "status": "affected"
      },
      {
        "version": "RoomOS 10.8.2.5",
        "status": "affected"
      },
      {
        "version": "RoomOS 10.11.5.2",
        "status": "affected"
      },
      {
        "version": "RoomOS 10.8.4.0",
        "status": "affected"
      },
      {
        "version": "RoomOS 10.11.3.0",
        "status": "affected"
      },
      {
        "version": "RoomOS 10.15.3.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Cisco",
    "product": "Cisco TelePresence Endpoint Software (TC/CE)",
    "versions": [
      {
        "version": "CE9.0.1",
        "status": "affected"
      },
      {
        "version": "CE9.1.1",
        "status": "affected"
      },
      {
        "version": "CE9.1.2",
        "status": "affected"
      },
      {
        "version": "CE9.1.3",
        "status": "affected"
      },
      {
        "version": "CE9.1.4",
        "status": "affected"
      },
      {
        "version": "CE9.1.5",
        "status": "affected"
      },
      {
        "version": "CE9.1.6",
        "status": "affected"
      },
      {
        "version": "CE9.10.1",
        "status": "affected"
      },
      {
        "version": "CE9.10.2",
        "status": "affected"
      },
      {
        "version": "CE9.10.3",
        "status": "affected"
      },
      {
        "version": "CE9.12.4",
        "status": "affected"
      },
      {
        "version": "CE9.12.5",
        "status": "affected"
      },
      {
        "version": "CE9.12.3",
        "status": "affected"
      },
      {
        "version": "CE9.13.0",
        "status": "affected"
      },
      {
        "version": "CE9.13.1",
        "status": "affected"
      },
      {
        "version": "CE9.13.3",
        "status": "affected"
      },
      {
        "version": "CE9.13.2",
        "status": "affected"
      },
      {
        "version": "CE9.2.1",
        "status": "affected"
      },
      {
        "version": "CE9.2.2",
        "status": "affected"
      },
      {
        "version": "CE9.2.3",
        "status": "affected"
      },
      {
        "version": "CE9.2.4",
        "status": "affected"
      },
      {
        "version": "CE9.9.3",
        "status": "affected"
      },
      {
        "version": "CE9.9.4",
        "status": "affected"
      },
      {
        "version": "CE9.14.3",
        "status": "affected"
      },
      {
        "version": "CE9.14.5",
        "status": "affected"
      },
      {
        "version": "CE9.14.4",
        "status": "affected"
      },
      {
        "version": "CE9.14.6",
        "status": "affected"
      },
      {
        "version": "CE9.14.7",
        "status": "affected"
      },
      {
        "version": "CE9.15.0.11",
        "status": "affected"
      },
      {
        "version": "CE9.15.0.10",
        "status": "affected"
      },
      {
        "version": "CE9.15.8.12",
        "status": "affected"
      },
      {
        "version": "CE9.15.13.0",
        "status": "affected"
      },
      {
        "version": "CE9.15.10.8",
        "status": "affected"
      },
      {
        "version": "CE9.15.3.26",
        "status": "affected"
      },
      {
        "version": "CE9.15.3.25",
        "status": "affected"
      },
      {
        "version": "CE9.15.3.17",
        "status": "affected"
      },
      {
        "version": "CE9.15.3.22",
        "status": "affected"
      },
      {
        "version": "CE9.15.0.19",
        "status": "affected"
      },
      {
        "version": "TC7.3.21",
        "status": "affected"
      },
      {
        "version": "RoomOS 10.8.4.0",
        "status": "affected"
      },
      {
        "version": "RoomOS 10.11.3.0",
        "status": "affected"
      },
      {
        "version": "RoomOS 10.11.5.2",
        "status": "affected"
      },
      {
        "version": "RoomOS 10.15.3.0",
        "status": "affected"
      },
      {
        "version": "9.15.3.25",
        "status": "affected"
      }
    ]
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-20008