CVE-2023-20094

Severity
4.3 MEDIUM
EPSS
0.1%
top 68.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 15

Description

A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device. This vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information. Note: This vulnerability only affects Cisco

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages
2 packages

🔴Vulnerability Details

2
GHSA
GHSA-jrhg-66xp-fmhv: A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected dev (2024-11-15)
CVEList
Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability (2024-11-15)

📋Vendor Advisories

1
Cisco
Cisco TelePresence Collaboration Endpoint and RoomOS Arbitrary File Write Vulnerabilities (2023-04-19)