CVE-2023-20008

Опубликовано: 20 янв. 2023

Источник: nvd

CVSS3: 4.4

CVSS3: 7.1

EPSS Низкий

Описание

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device.

This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:cisco:roomos:10.3.2.0:*:*:*:*:*:*:*

cpe:2.3:o:cisco:roomos:10.3.4.0:*:*:*:*:*:*:*

cpe:2.3:o:cisco:roomos:10.8.2.5:*:*:*:*:*:*:*

cpe:2.3:o:cisco:roomos:10.8.4.0:*:*:*:*:*:*:*

cpe:2.3:o:cisco:roomos:10.11.3.0:*:*:*:*:*:*:*

cpe:2.3:o:cisco:roomos:10.11.5.2:*:*:*:*:*:*:*

cpe:2.3:o:cisco:roomos:10.15.3.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.2.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.2.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:cisco:telepresence_tc:7.3.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_tc:7.3.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_tc:7.3.7:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_tc:7.3.9:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_tc:7.3.13:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_tc:7.3.21:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00151

Низкий

4.4 Medium

CVSS3

7.1 High

CVSS3

Дефекты

CWE-59

NVD-CWE-noinfo

Связанные уязвимости

GHSA-m6pp-3qrg-p5x2

CVSS3: 7.1

github

около 3 лет назад

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.

BDU:2023-00302

CVSS3: 4.4

fstec

около 3 лет назад

Уязвимость интерфейса командной строки (CLI) микропрограммного обеспечения устройства управления конференц-связью Cisco TelePresence Collaboration Endpoint (CE) и операционной системы Cisco RoomOS, позволяющая нарушителю перезаписать произвольные файлы

EPSS

Процентиль: 36%

0.00151

Низкий

4.4 Medium

CVSS3

7.1 High

CVSS3

Дефекты

CWE-59

NVD-CWE-noinfo