CVE-2023-20008

Published Jan 20, 2023
Last updated a year ago
CVSS high 7.1
Overview

Description: A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.
Source: ykramarz@cisco.com
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.1
Impact score: 5.2
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Severity: HIGH
Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
ykramarz@cisco.com: CWE-59
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.3.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D83C41B-DD92-4B31-B2B3-BD831B908E22"
          },
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.3.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83093692-59FB-4C24-AF96-A76DFADD37C1"
          },
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.8.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA3E919D-0686-4680-882C-7EB636EC1089"
          },
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.8.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA427278-651C-47AB-996E-3B0BD307E34F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.11.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "293FE8EE-2C4E-4EA2-BBC7-680C08F45E11"
          },
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.11.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A27105-A41F-4814-BCA9-2DE3D1505D73"
          },
          {
            "criteria": "cpe:2.3:o:cisco:roomos:10.15.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB29E8E8-74BD-430E-A12E-E91E27FF81A2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B79B19D-B749-4353-B366-3C6B5171AA82"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7846817-340F-49CF-AA2E-ACBE2BCC854C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7BA8275-E3B9-4901-A4AF-F3CB713C6740"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9840947F-758C-4A97-B9D2-A9F1B414D6FA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEDF1A6F-9CDD-41E6-835A-41B06A9078EB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A50221CF-D98B-44CC-B60F-7C095D29F844"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0783DDF5-520C-470C-ACA1-A2E6871E2F14"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DDF553F-4945-43EB-9D87-2AD8464EE7BC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE000291-6A76-40D1-A4AA-DEC5DD995F92"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3B11A1A-6EB5-4234-82D9-DCBD7E21EAD0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB53A45A-2B87-4104-85D5-96EFD4EBAF25"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C672A9A-3AD3-44B3-B8BE-1EA3A5AE9D2E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C2B1C53-EAB4-44D7-80B1-EBF564DEF664"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E22AE6C0-3FDE-435E-BA25-2664A2B9758C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F2E8E40-3B18-49A6-B78C-472B5D55039D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67604778-41A3-4519-B526-4807EBD8E61F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F781A5E-C38E-4BE3-9F47-8B0392E6DEF0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "479C49D0-5279-4054-8440-9683624AC057"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B42E4172-2723-426D-AE73-453C74961885"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C4770CB-A207-4D72-9EC0-2B6AEE9EC54E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F248A6D4-23C6-4D6D-B972-D6F9E711B61F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0559D1BB-51A9-4285-A845-ECB6A6B7D678"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1ED50F6-B01C-4003-A797-109DA9A631FA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD3C7127-EE08-4212-92DF-C8D568F2A453"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4F86038-E6D2-4F6F-B768-68525833FD8E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C931235-9560-4186-A339-167DAB5B7E15"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABCAF219-6E5E-42BB-9892-B17D99634518"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BA1A42D-D874-4DD4-BB08-AFFEE4EAD015"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1785B2F-B319-403F-A106-9137B9D140BE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C73AE384-CF1A-4D57-8E95-4E2D5DFB1E04"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FB34F64-D33A-4C32-9D18-5CAF45CB1933"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C05E7CB-5ABF-4F61-B6B8-03F46B91FBF9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "906C8212-DD6A-4485-8629-EBEFC727C70D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "758679DD-D282-4FDC-9D46-BF698660C789"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6F63CDD-D2B6-4FED-9C93-63AD60882EAB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A529A0C7-CCE3-4994-B412-0BEC7B4D2E9B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE5CFE99-B3DB-429E-AEBA-3F863E29EDF5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37AEF4D9-06A3-4A15-B310-F3F2896B0992"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "659220C8-4391-40C9-8047-8F761ECC58C1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71A16E86-C21B-42B6-88A9-AF3CF0957C3E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43DC02FB-1308-4505-BB12-BDBA971B48E6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF3A23C7-7BB6-4A18-AFCF-47F508FA3561"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3800DAF9-E42F-474C-8C9C-F8A5934148D3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "310C0A56-6523-42EB-8BF2-4C13969D057E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03E93335-92B5-4EEC-8D79-952463ECBB0E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F349CFD5-D70F-426C-B670-156FD558E50F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83FE1690-CA64-4D12-8538-5FC0727ED553"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_tc:7.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05922155-725D-4695-B7BF-3BEA4A0D418B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_tc:7.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8692F9C-D9C1-412A-8CA0-04DA37509819"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_tc:7.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E73BF2C9-F26F-471C-A566-8EE06FECBB7C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_tc:7.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "604336DF-DDE2-4250-8CA4-3800EB9F935A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_tc:7.3.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "191F7E36-58D5-411F-8D45-C4F225A35B63"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_tc:7.3.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1436BE5E-2EC2-4FDF-BDAE-AF590D36C838"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
