Vulnerability Details : CVE-2023-20008
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device.
This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.
Products affected by CVE-2023-20008
- cpe:2.3:a:cisco:telepresence_tc:7.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_tc:7.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_tc:7.3.21:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_tc:7.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_tc:7.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_tc:7.3.13:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:roomos:10.3.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:roomos:10.3.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:roomos:10.8.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:roomos:10.11.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:roomos:10.8.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:roomos:10.11.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:roomos:10.15.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-20008
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-20008
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 | NIST | |
4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 0.8 | 3.6 | Cisco Systems, Inc. | |
CWE ids for CVE-2023-20008
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2023-20008
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK
  Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities (Vendor Advisory)