Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-20008

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.

Published

2023-01-20T07:15:13.057

Last Modified

2024-11-21T07:40:19.863

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-59
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	roomos	10.3.2.0	Yes
Operating System	cisco	roomos	10.3.4.0	Yes
Operating System	cisco	roomos	10.8.2.5	Yes
Operating System	cisco	roomos	10.8.4.0	Yes
Operating System	cisco	roomos	10.11.3.0	Yes
Operating System	cisco	roomos	10.11.5.2	Yes
Operating System	cisco	roomos	10.15.3.0	Yes
Application	cisco	telepresence_collaboration_endpoint	8.0.0	Yes
Application	cisco	telepresence_collaboration_endpoint	8.0.1	Yes
Application	cisco	telepresence_collaboration_endpoint	8.1.0	Yes
Application	cisco	telepresence_collaboration_endpoint	8.1.1	Yes
Application	cisco	telepresence_collaboration_endpoint	8.2.0	Yes
Application	cisco	telepresence_collaboration_endpoint	8.2.1	Yes
Application	cisco	telepresence_collaboration_endpoint	8.2.2	Yes
Application	cisco	telepresence_collaboration_endpoint	8.3.0	Yes
Application	cisco	telepresence_collaboration_endpoint	8.3.1	Yes
Application	cisco	telepresence_collaboration_endpoint	8.3.2	Yes
Application	cisco	telepresence_collaboration_endpoint	8.3.3	Yes
Application	cisco	telepresence_collaboration_endpoint	8.3.5	Yes
Application	cisco	telepresence_collaboration_endpoint	8.3.6	Yes
Application	cisco	telepresence_collaboration_endpoint	9.0.1	Yes
Application	cisco	telepresence_collaboration_endpoint	9.1.1	Yes
Application	cisco	telepresence_collaboration_endpoint	9.1.2	Yes
Application	cisco	telepresence_collaboration_endpoint	9.1.3	Yes
Application	cisco	telepresence_collaboration_endpoint	9.1.4	Yes
Application	cisco	telepresence_collaboration_endpoint	9.1.5	Yes
Application	cisco	telepresence_collaboration_endpoint	9.1.6	Yes
Application	cisco	telepresence_collaboration_endpoint	9.2.1	Yes
Application	cisco	telepresence_collaboration_endpoint	9.2.2	Yes
Application	cisco	telepresence_collaboration_endpoint	9.2.3	Yes
Application	cisco	telepresence_collaboration_endpoint	9.2.4	Yes
Application	cisco	telepresence_collaboration_endpoint	9.9.3	Yes
Application	cisco	telepresence_collaboration_endpoint	9.9.4	Yes
Application	cisco	telepresence_collaboration_endpoint	9.10.1	Yes
Application	cisco	telepresence_collaboration_endpoint	9.10.2	Yes
Application	cisco	telepresence_collaboration_endpoint	9.10.3	Yes
Application	cisco	telepresence_collaboration_endpoint	9.12.3	Yes
Application	cisco	telepresence_collaboration_endpoint	9.12.4	Yes
Application	cisco	telepresence_collaboration_endpoint	9.12.5	Yes
Application	cisco	telepresence_collaboration_endpoint	9.13.0	Yes
Application	cisco	telepresence_collaboration_endpoint	9.13.1	Yes
Application	cisco	telepresence_collaboration_endpoint	9.13.2	Yes
Application	cisco	telepresence_collaboration_endpoint	9.13.3	Yes
Application	cisco	telepresence_collaboration_endpoint	9.14.3	Yes
Application	cisco	telepresence_collaboration_endpoint	9.14.4	Yes
Application	cisco	telepresence_collaboration_endpoint	9.14.5	Yes
Application	cisco	telepresence_collaboration_endpoint	9.14.6	Yes
Application	cisco	telepresence_collaboration_endpoint	9.15.0.10	Yes
Application	cisco	telepresence_collaboration_endpoint	9.15.0.11	Yes
Application	cisco	telepresence_collaboration_endpoint	9.15.3.25	Yes
Application	cisco	telepresence_collaboration_endpoint	9.15.3.26	Yes
Application	cisco	telepresence_collaboration_endpoint	9.15.8.12	Yes
Application	cisco	telepresence_collaboration_endpoint	9.15.10.8	Yes
Application	cisco	telepresence_collaboration_endpoint	9.15.13.0	Yes
Application	cisco	telepresence_tc	7.3.5	Yes
Application	cisco	telepresence_tc	7.3.6	Yes
Application	cisco	telepresence_tc	7.3.7	Yes
Application	cisco	telepresence_tc	7.3.9	Yes
Application	cisco	telepresence_tc	7.3.13	Yes
Application	cisco	telepresence_tc	7.3.21	Yes

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK Vendor Advisory ([email protected])
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)