Lucene search

[email protected]NVD:CVE-2023-20008

HistoryJan 20, 2023 - 7:15 a.m.

CVE-2023-20008

2023-01-2007:15:13

CWE-59

[email protected]

web.nvd.nist.gov

cisco telepresence

roomos software

vulnerability

cli

local file overwrite

access controls

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device.

This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.

Affected configurations

Nvd

Node

ciscoroomosMatch10.3.2.0

ciscoroomosMatch10.3.4.0

ciscoroomosMatch10.8.2.5

ciscoroomosMatch10.8.4.0

ciscoroomosMatch10.11.3.0

ciscoroomosMatch10.11.5.2

ciscoroomosMatch10.15.3.0

Node

ciscotelepresence_collaboration_endpointMatch8.0.0

ciscotelepresence_collaboration_endpointMatch8.0.1

ciscotelepresence_collaboration_endpointMatch8.1.0

ciscotelepresence_collaboration_endpointMatch8.1.1

ciscotelepresence_collaboration_endpointMatch8.2.0

ciscotelepresence_collaboration_endpointMatch8.2.1

ciscotelepresence_collaboration_endpointMatch8.2.2

ciscotelepresence_collaboration_endpointMatch8.3.0

ciscotelepresence_collaboration_endpointMatch8.3.1

ciscotelepresence_collaboration_endpointMatch8.3.2

ciscotelepresence_collaboration_endpointMatch8.3.3

ciscotelepresence_collaboration_endpointMatch8.3.5

ciscotelepresence_collaboration_endpointMatch8.3.6

ciscotelepresence_collaboration_endpointMatch9.0.1

ciscotelepresence_collaboration_endpointMatch9.1.1

ciscotelepresence_collaboration_endpointMatch9.1.2

ciscotelepresence_collaboration_endpointMatch9.1.3

ciscotelepresence_collaboration_endpointMatch9.1.4

ciscotelepresence_collaboration_endpointMatch9.1.5

ciscotelepresence_collaboration_endpointMatch9.1.6

ciscotelepresence_collaboration_endpointMatch9.2.1

ciscotelepresence_collaboration_endpointMatch9.2.2

ciscotelepresence_collaboration_endpointMatch9.2.3

ciscotelepresence_collaboration_endpointMatch9.2.4

ciscotelepresence_collaboration_endpointMatch9.9.3

ciscotelepresence_collaboration_endpointMatch9.9.4

ciscotelepresence_collaboration_endpointMatch9.10.1

ciscotelepresence_collaboration_endpointMatch9.10.2

ciscotelepresence_collaboration_endpointMatch9.10.3

ciscotelepresence_collaboration_endpointMatch9.12.3

ciscotelepresence_collaboration_endpointMatch9.12.4

ciscotelepresence_collaboration_endpointMatch9.12.5

ciscotelepresence_collaboration_endpointMatch9.13.0

ciscotelepresence_collaboration_endpointMatch9.13.1

ciscotelepresence_collaboration_endpointMatch9.13.2

ciscotelepresence_collaboration_endpointMatch9.13.3

ciscotelepresence_collaboration_endpointMatch9.14.3

ciscotelepresence_collaboration_endpointMatch9.14.4

ciscotelepresence_collaboration_endpointMatch9.14.5

ciscotelepresence_collaboration_endpointMatch9.14.6

ciscotelepresence_collaboration_endpointMatch9.15.0.10

ciscotelepresence_collaboration_endpointMatch9.15.0.11

ciscotelepresence_collaboration_endpointMatch9.15.3.25

ciscotelepresence_collaboration_endpointMatch9.15.3.26

ciscotelepresence_collaboration_endpointMatch9.15.8.12

ciscotelepresence_collaboration_endpointMatch9.15.10.8

ciscotelepresence_collaboration_endpointMatch9.15.13.0

Node

ciscotelepresence_tcMatch7.3.5

ciscotelepresence_tcMatch7.3.6

ciscotelepresence_tcMatch7.3.7

ciscotelepresence_tcMatch7.3.9

ciscotelepresence_tcMatch7.3.13

ciscotelepresence_tcMatch7.3.21

VendorProductVersionCPE
ciscoroomos10.3.2.0cpe:2.3:o:cisco:roomos:10.3.2.0:*:*:*:*:*:*:*
ciscoroomos10.3.4.0cpe:2.3:o:cisco:roomos:10.3.4.0:*:*:*:*:*:*:*
ciscoroomos10.8.2.5cpe:2.3:o:cisco:roomos:10.8.2.5:*:*:*:*:*:*:*
ciscoroomos10.8.4.0cpe:2.3:o:cisco:roomos:10.8.4.0:*:*:*:*:*:*:*
ciscoroomos10.11.3.0cpe:2.3:o:cisco:roomos:10.11.3.0:*:*:*:*:*:*:*
ciscoroomos10.11.5.2cpe:2.3:o:cisco:roomos:10.11.5.2:*:*:*:*:*:*:*
ciscoroomos10.15.3.0cpe:2.3:o:cisco:roomos:10.15.3.0:*:*:*:*:*:*:*
ciscotelepresence_collaboration_endpoint8.0.0cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.0:*:*:*:*:*:*:*
ciscotelepresence_collaboration_endpoint8.0.1cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.1:*:*:*:*:*:*:*
ciscotelepresence_collaboration_endpoint8.1.0cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	roomos	10.3.2.0	cpe:2.3:o:cisco:roomos:10.3.2.0:::::::*
cisco	roomos	10.3.4.0	cpe:2.3:o:cisco:roomos:10.3.4.0:::::::*
cisco	roomos	10.8.2.5	cpe:2.3:o:cisco:roomos:10.8.2.5:::::::*
cisco	roomos	10.8.4.0	cpe:2.3:o:cisco:roomos:10.8.4.0:::::::*
cisco	roomos	10.11.3.0	cpe:2.3:o:cisco:roomos:10.11.3.0:::::::*
cisco	roomos	10.11.5.2	cpe:2.3:o:cisco:roomos:10.11.5.2:::::::*
cisco	roomos	10.15.3.0	cpe:2.3:o:cisco:roomos:10.15.3.0:::::::*
cisco	telepresence_collaboration_endpoint	8.0.0	cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.0:::::::*
cisco	telepresence_collaboration_endpoint	8.0.1	cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.1:::::::*
cisco	telepresence_collaboration_endpoint	8.1.0	cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.0:::::::*