Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-20090

A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Published

2024-11-15T16:15:25.560

Last Modified

2025-07-30T17:51:17.940

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-27

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	telepresence_collaboration_endpoint	< 9.15.17.4	Yes
Operating System	cisco	roomos	< 11.1.2.4	Yes

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf Vendor Advisory ([email protected])