CVE-2023-20090

CWE-27 CWE-125 — Out-of-bounds Read CWE-59 CWE-614 documents4 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 78.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Roomos Cisco Telepresence Collaboration Endpoint Cisco Cisco Roomos Software +1 more

Timeline

PublishedNov 15

Description

A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address t…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5cisco/cisco_roomos_softwareN/A

▶CVEListV5cisco/cisco_telepresence_endpoint_software_(tc/ce)43 versions+42

▶NVDcisco/roomos10.0.1.2 — 11.1.2.4

▶NVDcisco/telepresence_collaboration_endpoint9.0.0.0 — 9.15.17.4

🔴Vulnerability Details

CVEList

Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability↗2024-11-15

▶

GHSA

GHSA-2237-2j5h-553w: A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device↗2024-11-15

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Collaboration Endpoint and RoomOS Arbitrary File Write Vulnerabilities↗2023-04-19

▶