CVE-2023-20002
Published Jan 20, 2023
Last updated 10 months ago
Overview
- Description
- A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.4
- Impact score
- 2.5
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:roomos:10.3.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D83C41B-DD92-4B31-B2B3-BD831B908E22"
},
{
"criteria": "cpe:2.3:o:cisco:roomos:10.3.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83093692-59FB-4C24-AF96-A76DFADD37C1"
},
{
"criteria": "cpe:2.3:o:cisco:roomos:10.8.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA3E919D-0686-4680-882C-7EB636EC1089"
},
{
"criteria": "cpe:2.3:o:cisco:roomos:10.8.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA427278-651C-47AB-996E-3B0BD307E34F"
},
{
"criteria": "cpe:2.3:o:cisco:roomos:10.11.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "293FE8EE-2C4E-4EA2-BBC7-680C08F45E11"
},
{
"criteria": "cpe:2.3:o:cisco:roomos:10.11.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23A27105-A41F-4814-BCA9-2DE3D1505D73"
},
{
"criteria": "cpe:2.3:o:cisco:roomos:10.15.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB29E8E8-74BD-430E-A12E-E91E27FF81A2"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9840947F-758C-4A97-B9D2-A9F1B414D6FA"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DDF553F-4945-43EB-9D87-2AD8464EE7BC"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C672A9A-3AD3-44B3-B8BE-1EA3A5AE9D2E"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E22AE6C0-3FDE-435E-BA25-2664A2B9758C"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F2E8E40-3B18-49A6-B78C-472B5D55039D"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67604778-41A3-4519-B526-4807EBD8E61F"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F781A5E-C38E-4BE3-9F47-8B0392E6DEF0"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "479C49D0-5279-4054-8440-9683624AC057"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B42E4172-2723-426D-AE73-453C74961885"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C4770CB-A207-4D72-9EC0-2B6AEE9EC54E"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F248A6D4-23C6-4D6D-B972-D6F9E711B61F"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0559D1BB-51A9-4285-A845-ECB6A6B7D678"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1ED50F6-B01C-4003-A797-109DA9A631FA"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD3C7127-EE08-4212-92DF-C8D568F2A453"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4F86038-E6D2-4F6F-B768-68525833FD8E"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C931235-9560-4186-A339-167DAB5B7E15"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABCAF219-6E5E-42BB-9892-B17D99634518"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BA1A42D-D874-4DD4-BB08-AFFEE4EAD015"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1785B2F-B319-403F-A106-9137B9D140BE"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C73AE384-CF1A-4D57-8E95-4E2D5DFB1E04"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0FB34F64-D33A-4C32-9D18-5CAF45CB1933"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C05E7CB-5ABF-4F61-B6B8-03F46B91FBF9"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "906C8212-DD6A-4485-8629-EBEFC727C70D"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "758679DD-D282-4FDC-9D46-BF698660C789"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6F63CDD-D2B6-4FED-9C93-63AD60882EAB"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A529A0C7-CCE3-4994-B412-0BEC7B4D2E9B"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE5CFE99-B3DB-429E-AEBA-3F863E29EDF5"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37AEF4D9-06A3-4A15-B310-F3F2896B0992"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "659220C8-4391-40C9-8047-8F761ECC58C1"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71A16E86-C21B-42B6-88A9-AF3CF0957C3E"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43DC02FB-1308-4505-BB12-BDBA971B48E6"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF3A23C7-7BB6-4A18-AFCF-47F508FA3561"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3800DAF9-E42F-474C-8C9C-F8A5934148D3"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "310C0A56-6523-42EB-8BF2-4C13969D057E"
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F349CFD5-D70F-426C-B670-156FD558E50F"
}
],
"operator": "OR"
}
]
}
]