CVE-2023-20002

Published Jan 20, 2023
Last updated a year ago
CVSS medium 4.4
Overview

Description: A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system.
Source: ykramarz@cisco.com
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 4.4
Impact score: 2.5
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM
Weaknesses

nvd@nist.gov: CWE-918
ykramarz@cisco.com: CWE-918
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.3.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D83C41B-DD92-4B31-B2B3-BD831B908E22"
          },
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.3.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83093692-59FB-4C24-AF96-A76DFADD37C1"
          },
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.8.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA3E919D-0686-4680-882C-7EB636EC1089"
          },
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.8.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA427278-651C-47AB-996E-3B0BD307E34F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.11.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "293FE8EE-2C4E-4EA2-BBC7-680C08F45E11"
          },
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.11.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A27105-A41F-4814-BCA9-2DE3D1505D73"
          },
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.15.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB29E8E8-74BD-430E-A12E-E91E27FF81A2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9840947F-758C-4A97-B9D2-A9F1B414D6FA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DDF553F-4945-43EB-9D87-2AD8464EE7BC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C672A9A-3AD3-44B3-B8BE-1EA3A5AE9D2E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E22AE6C0-3FDE-435E-BA25-2664A2B9758C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F2E8E40-3B18-49A6-B78C-472B5D55039D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67604778-41A3-4519-B526-4807EBD8E61F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F781A5E-C38E-4BE3-9F47-8B0392E6DEF0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "479C49D0-5279-4054-8440-9683624AC057"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B42E4172-2723-426D-AE73-453C74961885"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C4770CB-A207-4D72-9EC0-2B6AEE9EC54E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F248A6D4-23C6-4D6D-B972-D6F9E711B61F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0559D1BB-51A9-4285-A845-ECB6A6B7D678"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1ED50F6-B01C-4003-A797-109DA9A631FA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD3C7127-EE08-4212-92DF-C8D568F2A453"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4F86038-E6D2-4F6F-B768-68525833FD8E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C931235-9560-4186-A339-167DAB5B7E15"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABCAF219-6E5E-42BB-9892-B17D99634518"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BA1A42D-D874-4DD4-BB08-AFFEE4EAD015"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1785B2F-B319-403F-A106-9137B9D140BE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C73AE384-CF1A-4D57-8E95-4E2D5DFB1E04"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FB34F64-D33A-4C32-9D18-5CAF45CB1933"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C05E7CB-5ABF-4F61-B6B8-03F46B91FBF9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "906C8212-DD6A-4485-8629-EBEFC727C70D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "758679DD-D282-4FDC-9D46-BF698660C789"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6F63CDD-D2B6-4FED-9C93-63AD60882EAB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A529A0C7-CCE3-4994-B412-0BEC7B4D2E9B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE5CFE99-B3DB-429E-AEBA-3F863E29EDF5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37AEF4D9-06A3-4A15-B310-F3F2896B0992"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "659220C8-4391-40C9-8047-8F761ECC58C1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71A16E86-C21B-42B6-88A9-AF3CF0957C3E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43DC02FB-1308-4505-BB12-BDBA971B48E6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF3A23C7-7BB6-4A18-AFCF-47F508FA3561"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3800DAF9-E42F-474C-8C9C-F8A5934148D3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "310C0A56-6523-42EB-8BF2-4C13969D057E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F349CFD5-D70F-426C-B670-156FD558E50F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
