Search criteria
38 vulnerabilities found for Cisco RoomOS Software by Cisco
CVE-2025-20329 (GCVE-0-2025-20329)
Vulnerability from cvelistv5 – Published: 2025-10-15 16:14 – Updated: 2025-10-15 17:42
VLAI?
Summary
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII).
Note: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials.
Severity ?
4.9 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
RoomOS 10.11.2.2
Affected: RoomOS 10.15.2.2 Affected: RoomOS 11.5.4.6 Affected: RoomOS 11.5.2.4 Affected: RoomOS 10.8.2.5 Affected: RoomOS 10.11.5.2 Affected: RoomOS 10.11.3.0 Affected: RoomOS 10.15.5.3 Affected: RoomOS 10.19.2.2 Affected: RoomOS 11.1.3.1 Affected: RoomOS 10.11.6.0 Affected: RoomOS 10.19.3.0 Affected: RoomOS 10.19.4.2 Affected: RoomOS 10.3.2.4 Affected: RoomOS 10.3.4.0 Affected: RoomOS 10.15.3.0 Affected: RoomOS 11.1.4.1 Affected: RoomOS 11.14.2.3 Affected: RoomOS 11.1.2.4 Affected: RoomOS 10.8.3.1 Affected: RoomOS 11.14.2.1 Affected: RoomOS 10.3.3.0 Affected: RoomOS 10.8.4.0 Affected: RoomOS 10.15.4.1 Affected: RoomOS 10.19.5.6 Affected: RoomOS 10.11.4.1 Affected: RoomOS 11.9.3.1 Affected: RoomOS 11.5.3.3 Affected: RoomOS 10.3.2.0 Affected: RoomOS 11.9.2.4 Affected: RoomOS 11.14.3.0 Affected: RoomOS 11.17.2.2 Affected: RoomOS 11.14.4.0 Affected: RoomOS 10.19 StepUpg Affected: RoomOS 11.17.3.0 Affected: RoomOS 11.20.2.3 Affected: RoomOS 11.14.5.0 Affected: RoomOS 11.17.4.0 Affected: RoomOS 11.20.3.0 Affected: RoomOS 11.23.1.6 Affected: RoomOS 11.23.1.8 Affected: RoomOS 11.24.1.5 Affected: RoomOS 11.24.2.4 Affected: RoomOS 11.24.3.0 Affected: RoomOS 11.24.4.1 Affected: RoomOS 11.27.2.0 Affected: RoomOS 11.28.1.3 Affected: RoomOS 11.27.3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T17:42:38.688864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T17:42:48.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "RoomOS 10.11.2.2"
},
{
"status": "affected",
"version": "RoomOS 10.15.2.2"
},
{
"status": "affected",
"version": "RoomOS 11.5.4.6"
},
{
"status": "affected",
"version": "RoomOS 11.5.2.4"
},
{
"status": "affected",
"version": "RoomOS 10.8.2.5"
},
{
"status": "affected",
"version": "RoomOS 10.11.5.2"
},
{
"status": "affected",
"version": "RoomOS 10.11.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.15.5.3"
},
{
"status": "affected",
"version": "RoomOS 10.19.2.2"
},
{
"status": "affected",
"version": "RoomOS 11.1.3.1"
},
{
"status": "affected",
"version": "RoomOS 10.11.6.0"
},
{
"status": "affected",
"version": "RoomOS 10.19.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.19.4.2"
},
{
"status": "affected",
"version": "RoomOS 10.3.2.4"
},
{
"status": "affected",
"version": "RoomOS 10.3.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.15.3.0"
},
{
"status": "affected",
"version": "RoomOS 11.1.4.1"
},
{
"status": "affected",
"version": "RoomOS 11.14.2.3"
},
{
"status": "affected",
"version": "RoomOS 11.1.2.4"
},
{
"status": "affected",
"version": "RoomOS 10.8.3.1"
},
{
"status": "affected",
"version": "RoomOS 11.14.2.1"
},
{
"status": "affected",
"version": "RoomOS 10.3.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.8.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.15.4.1"
},
{
"status": "affected",
"version": "RoomOS 10.19.5.6"
},
{
"status": "affected",
"version": "RoomOS 10.11.4.1"
},
{
"status": "affected",
"version": "RoomOS 11.9.3.1"
},
{
"status": "affected",
"version": "RoomOS 11.5.3.3"
},
{
"status": "affected",
"version": "RoomOS 10.3.2.0"
},
{
"status": "affected",
"version": "RoomOS 11.9.2.4"
},
{
"status": "affected",
"version": "RoomOS 11.14.3.0"
},
{
"status": "affected",
"version": "RoomOS 11.17.2.2"
},
{
"status": "affected",
"version": "RoomOS 11.14.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.19 StepUpg"
},
{
"status": "affected",
"version": "RoomOS 11.17.3.0"
},
{
"status": "affected",
"version": "RoomOS 11.20.2.3"
},
{
"status": "affected",
"version": "RoomOS 11.14.5.0"
},
{
"status": "affected",
"version": "RoomOS 11.17.4.0"
},
{
"status": "affected",
"version": "RoomOS 11.20.3.0"
},
{
"status": "affected",
"version": "RoomOS 11.23.1.6"
},
{
"status": "affected",
"version": "RoomOS 11.23.1.8"
},
{
"status": "affected",
"version": "RoomOS 11.24.1.5"
},
{
"status": "affected",
"version": "RoomOS 11.24.2.4"
},
{
"status": "affected",
"version": "RoomOS 11.24.3.0"
},
{
"status": "affected",
"version": "RoomOS 11.24.4.1"
},
{
"status": "affected",
"version": "RoomOS 11.27.2.0"
},
{
"status": "affected",
"version": "RoomOS 11.28.1.3"
},
{
"status": "affected",
"version": "RoomOS 11.27.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative\u0026nbsp;credentials.\r\n\r\nThis vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII).\r\nNote: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T16:14:59.904Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-inf-disc-qGgsbxAm",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-inf-disc-qGgsbxAm"
}
],
"source": {
"advisory": "cisco-sa-roomos-inf-disc-qGgsbxAm",
"defects": [
"CSCwp08812"
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20329",
"datePublished": "2025-10-15T16:14:59.904Z",
"dateReserved": "2024-10-10T19:15:13.254Z",
"dateUpdated": "2025-10-15T17:42:48.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20793 (GCVE-0-2022-20793)
Vulnerability from cvelistv5 – Published: 2024-11-15 15:34 – Updated: 2024-11-15 21:12
VLAI?
Summary
A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device.
This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability.
Severity ?
6.8 (Medium)
CWE
- CWE-325 - Missing Required Cryptographic Step
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
N/A
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "roomos",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:telepresence_tc_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "telepresence_tc_software",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:telepresence_ce_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "telepresence_ce_software",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T21:07:36.103341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T21:12:23.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "CE9.10.2"
},
{
"status": "affected",
"version": "CE9.1.4"
},
{
"status": "affected",
"version": "CE9.10.3"
},
{
"status": "affected",
"version": "CE9.1.5"
},
{
"status": "affected",
"version": "CE9.10.1"
},
{
"status": "affected",
"version": "CE9.13.0"
},
{
"status": "affected",
"version": "CE9.1.1"
},
{
"status": "affected",
"version": "CE9.9.4"
},
{
"status": "affected",
"version": "CE9.2.1"
},
{
"status": "affected",
"version": "CE9.1.3"
},
{
"status": "affected",
"version": "CE9.1.6"
},
{
"status": "affected",
"version": "CE9.12.3"
},
{
"status": "affected",
"version": "CE9.13.1"
},
{
"status": "affected",
"version": "CE9.12.4"
},
{
"status": "affected",
"version": "CE9.14.3"
},
{
"status": "affected",
"version": "CE9.14.4"
},
{
"status": "affected",
"version": "CE9.13.2"
},
{
"status": "affected",
"version": "CE9.12.5"
},
{
"status": "affected",
"version": "CE9.14.5"
},
{
"status": "affected",
"version": "CE9.15.0.10"
},
{
"status": "affected",
"version": "CE9.15.0.11"
},
{
"status": "affected",
"version": "CE9.13.3"
},
{
"status": "affected",
"version": "CE9.15.0.13"
},
{
"status": "affected",
"version": "CE9.14.6"
},
{
"status": "affected",
"version": "CE9.15.3.17"
},
{
"status": "affected",
"version": "CE9.14.7"
},
{
"status": "affected",
"version": "CE9.15.0.19"
},
{
"status": "affected",
"version": "CE9.15.3.19"
},
{
"status": "affected",
"version": "CE9.15.3.18"
},
{
"status": "affected",
"version": "CE9.0.1"
},
{
"status": "affected",
"version": "CE9.2.2"
},
{
"status": "affected",
"version": "CE9.1.2"
},
{
"status": "affected",
"version": "CE9.9.3"
},
{
"status": "affected",
"version": "CE9.2.4"
},
{
"status": "affected",
"version": "CE9.2.3"
},
{
"status": "affected",
"version": "CE9.15.3.22"
},
{
"status": "affected",
"version": "CE9.15.8.12"
},
{
"status": "affected",
"version": "CE9.15.10.8"
},
{
"status": "affected",
"version": "CE9.15.3.26"
},
{
"status": "affected",
"version": "CE9.15.3.25"
},
{
"status": "affected",
"version": "CE9.15.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in pairing process of Cisco\u0026nbsp;TelePresence CE Software and RoomOS Software for Cisco\u0026nbsp;Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device.\r\nThis vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "Missing Required Cryptographic Step",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:34:33.919Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-CTT-IVV-4A66Dsfj",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj"
}
],
"source": {
"advisory": "cisco-sa-CTT-IVV-4A66Dsfj",
"defects": [
"CSCvw08723"
],
"discovery": "INTERNAL"
},
"title": "Cisco Touch 10 Device Insufficient Identity Verification Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20793",
"datePublished": "2024-11-15T15:34:33.919Z",
"dateReserved": "2021-11-02T13:28:29.168Z",
"dateUpdated": "2024-11-15T21:12:23.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20004 (GCVE-0-2023-20004)
Vulnerability from cvelistv5 – Published: 2024-11-15 15:23 – Updated: 2024-11-15 15:37
VLAI?
Summary
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.
These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.
Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Severity ?
4.4 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
N/A
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:37:09.280084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:37:26.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "CE9.10.2"
},
{
"status": "affected",
"version": "CE9.1.4"
},
{
"status": "affected",
"version": "CE9.9.3"
},
{
"status": "affected",
"version": "CE9.10.3"
},
{
"status": "affected",
"version": "CE9.1.5"
},
{
"status": "affected",
"version": "CE9.2.4"
},
{
"status": "affected",
"version": "CE9.10.1"
},
{
"status": "affected",
"version": "CE9.13.0"
},
{
"status": "affected",
"version": "CE9.1.2"
},
{
"status": "affected",
"version": "CE9.1.1"
},
{
"status": "affected",
"version": "CE9.9.4"
},
{
"status": "affected",
"version": "CE9.2.1"
},
{
"status": "affected",
"version": "CE9.1.3"
},
{
"status": "affected",
"version": "CE9.0.1"
},
{
"status": "affected",
"version": "CE9.1.6"
},
{
"status": "affected",
"version": "CE9.12.4"
},
{
"status": "affected",
"version": "CE9.2.2"
},
{
"status": "affected",
"version": "CE9.12.3"
},
{
"status": "affected",
"version": "CE9.2.3"
},
{
"status": "affected",
"version": "CE9.13.1"
},
{
"status": "affected",
"version": "CE9.14.3"
},
{
"status": "affected",
"version": "CE9.14.4"
},
{
"status": "affected",
"version": "CE9.13.2"
},
{
"status": "affected",
"version": "CE9.12.5"
},
{
"status": "affected",
"version": "CE9.14.5"
},
{
"status": "affected",
"version": "CE9.15.0.10"
},
{
"status": "affected",
"version": "CE9.15.0.11"
},
{
"status": "affected",
"version": "CE9.13.3"
},
{
"status": "affected",
"version": "CE9.15.0.13"
},
{
"status": "affected",
"version": "CE9.14.6"
},
{
"status": "affected",
"version": "CE9.15.3.17"
},
{
"status": "affected",
"version": "CE9.14.7"
},
{
"status": "affected",
"version": "CE9.15.0.19"
},
{
"status": "affected",
"version": "CE9.15.3.19"
},
{
"status": "affected",
"version": "CE9.15.3.18"
},
{
"status": "affected",
"version": "CE9.15.3.22"
},
{
"status": "affected",
"version": "CE9.15.8.12"
},
{
"status": "affected",
"version": "CE9.15.10.8"
},
{
"status": "affected",
"version": "CE9.15.3.26"
},
{
"status": "affected",
"version": "CE9.15.3.25"
},
{
"status": "affected",
"version": "CE9.15.13.0"
},
{
"status": "affected",
"version": "CE9.15.15.4"
},
{
"status": "affected",
"version": "CE9.15.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThese vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.\r\nNote: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:23:29.140Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-file-write-rHKwegKf",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
}
],
"source": {
"advisory": "cisco-sa-roomos-file-write-rHKwegKf",
"defects": [
"CSCwc47206"
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20004",
"datePublished": "2024-11-15T15:23:29.140Z",
"dateReserved": "2022-10-27T18:47:50.305Z",
"dateUpdated": "2024-11-15T15:37:26.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20090 (GCVE-0-2023-20090)
Vulnerability from cvelistv5 – Published: 2024-11-15 15:19 – Updated: 2024-11-15 17:15
VLAI?
Summary
A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
6.7 (Medium)
CWE
- CWE-27 - Path Traversal: 'dir/../../filename'
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
N/A
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "telepresence_collaboration_endpoint",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "9.10.1"
},
{
"status": "affected",
"version": "9.10.2"
},
{
"status": "affected",
"version": "9.10.3"
},
{
"status": "affected",
"version": "9.1.1"
},
{
"status": "affected",
"version": "9.1.2"
},
{
"status": "affected",
"version": "9.12.3"
},
{
"status": "affected",
"version": "9.12.4"
},
{
"status": "affected",
"version": "9.12.5"
},
{
"status": "affected",
"version": "9.1.3"
},
{
"status": "affected",
"version": "9.13.0"
},
{
"status": "affected",
"version": "9.13.1"
},
{
"status": "affected",
"version": "9.13.2"
},
{
"status": "affected",
"version": "9.13.3"
},
{
"status": "affected",
"version": "9.1.4"
},
{
"status": "affected",
"version": "9.14.3"
},
{
"status": "affected",
"version": "9.14.4"
},
{
"status": "affected",
"version": "9.14.5"
},
{
"status": "affected",
"version": "9.14.6"
},
{
"status": "affected",
"version": "9.1.5"
},
{
"status": "affected",
"version": "9.15.0.10"
},
{
"status": "affected",
"version": "9.15.0.11"
},
{
"status": "affected",
"version": "9.15.13.0"
},
{
"status": "affected",
"version": "9.15.8.12"
},
{
"status": "affected",
"version": "9.1.6"
},
{
"status": "affected",
"version": "9.2.1"
},
{
"status": "affected",
"version": "9.2.2"
},
{
"status": "affected",
"version": "9.2.3"
},
{
"status": "affected",
"version": "9.2.4"
},
{
"status": "affected",
"version": "9.9.3"
},
{
"status": "affected",
"version": "9.9.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.19:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.15.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.16.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.18:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.19:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.22:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "telepresence_collaboration_endpoint",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "9.15.0.19"
},
{
"status": "affected",
"version": "9.15.10.8"
},
{
"status": "affected",
"version": "9.15.13.0"
},
{
"status": "affected",
"version": "9.15.15.4"
},
{
"status": "affected",
"version": "9.15.16.5"
},
{
"status": "affected",
"version": "9.15.3.18"
},
{
"status": "affected",
"version": "9.15.3.19"
},
{
"status": "affected",
"version": "9.15.3.22"
},
{
"status": "affected",
"version": "9.15.3.25"
},
{
"status": "affected",
"version": "9.15.3.26"
},
{
"status": "affected",
"version": "9.15.8.12"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:49:25.857316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:15:43.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "CE9.10.2"
},
{
"status": "affected",
"version": "CE9.1.4"
},
{
"status": "affected",
"version": "CE9.9.3"
},
{
"status": "affected",
"version": "CE9.10.3"
},
{
"status": "affected",
"version": "CE9.1.5"
},
{
"status": "affected",
"version": "CE9.2.4"
},
{
"status": "affected",
"version": "CE9.10.1"
},
{
"status": "affected",
"version": "CE9.13.0"
},
{
"status": "affected",
"version": "CE9.1.2"
},
{
"status": "affected",
"version": "CE9.1.1"
},
{
"status": "affected",
"version": "CE9.9.4"
},
{
"status": "affected",
"version": "CE9.2.1"
},
{
"status": "affected",
"version": "CE9.1.3"
},
{
"status": "affected",
"version": "CE9.0.1"
},
{
"status": "affected",
"version": "CE9.1.6"
},
{
"status": "affected",
"version": "CE9.12.4"
},
{
"status": "affected",
"version": "CE9.2.2"
},
{
"status": "affected",
"version": "CE9.12.3"
},
{
"status": "affected",
"version": "CE9.2.3"
},
{
"status": "affected",
"version": "CE9.13.1"
},
{
"status": "affected",
"version": "CE9.14.3"
},
{
"status": "affected",
"version": "CE9.14.4"
},
{
"status": "affected",
"version": "CE9.13.2"
},
{
"status": "affected",
"version": "CE9.12.5"
},
{
"status": "affected",
"version": "CE9.14.5"
},
{
"status": "affected",
"version": "CE9.15.0.10"
},
{
"status": "affected",
"version": "CE9.15.0.11"
},
{
"status": "affected",
"version": "CE9.13.3"
},
{
"status": "affected",
"version": "CE9.15.0.13"
},
{
"status": "affected",
"version": "CE9.14.6"
},
{
"status": "affected",
"version": "CE9.15.3.17"
},
{
"status": "affected",
"version": "CE9.14.7"
},
{
"status": "affected",
"version": "CE9.15.0.19"
},
{
"status": "affected",
"version": "CE9.15.3.19"
},
{
"status": "affected",
"version": "CE9.15.3.18"
},
{
"status": "affected",
"version": "CE9.15.3.22"
},
{
"status": "affected",
"version": "CE9.15.8.12"
},
{
"status": "affected",
"version": "CE9.15.10.8"
},
{
"status": "affected",
"version": "CE9.15.3.26"
},
{
"status": "affected",
"version": "CE9.15.3.25"
},
{
"status": "affected",
"version": "CE9.15.13.0"
},
{
"status": "affected",
"version": "CE9.15.15.4"
},
{
"status": "affected",
"version": "CE9.15.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r\nThis vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-27",
"description": "Path Traversal: \u0027dir/../../filename\u0027",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:19:09.891Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-file-write-rHKwegKf",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
}
],
"source": {
"advisory": "cisco-sa-roomos-file-write-rHKwegKf",
"defects": [
"CSCwc85883"
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20090",
"datePublished": "2024-11-15T15:19:09.891Z",
"dateReserved": "2022-10-27T18:47:50.335Z",
"dateUpdated": "2024-11-15T17:15:43.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20092 (GCVE-0-2023-20092)
Vulnerability from cvelistv5 – Published: 2024-11-15 15:12 – Updated: 2024-11-15 15:42
VLAI?
Summary
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.
These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.
Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Severity ?
4.4 (Medium)
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
N/A
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:42:30.481069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:42:48.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThese vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.\r\nNote: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:12:58.590Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-file-write-rHKwegKf",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
}
],
"source": {
"advisory": "cisco-sa-roomos-file-write-rHKwegKf",
"defects": [
"CSCwc47236"
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Overwrite Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20092",
"datePublished": "2024-11-15T15:12:58.590Z",
"dateReserved": "2022-10-27T18:47:50.336Z",
"dateUpdated": "2024-11-15T15:42:48.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20093 (GCVE-0-2023-20093)
Vulnerability from cvelistv5 – Published: 2024-11-15 15:11 – Updated: 2024-11-15 15:43
VLAI?
Summary
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.
These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.
Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Severity ?
4.4 (Medium)
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
N/A
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20093",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:42:49.987851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:43:07.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThese vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.\r\nNote: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:11:19.884Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-file-write-rHKwegKf",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
}
],
"source": {
"advisory": "cisco-sa-roomos-file-write-rHKwegKf",
"defects": [
"CSCwc71187"
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Overwrite Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20093",
"datePublished": "2024-11-15T15:11:19.884Z",
"dateReserved": "2022-10-27T18:47:50.336Z",
"dateUpdated": "2024-11-15T15:43:07.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20094 (GCVE-0-2023-20094)
Vulnerability from cvelistv5 – Published: 2024-11-15 15:08 – Updated: 2024-11-15 15:43
VLAI?
Summary
A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device.
This vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information.
Note: This vulnerability only affects Cisco Webex Desk Hub.
There are no workarounds that address this vulnerability.
Severity ?
4.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
N/A
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20094",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:43:09.416209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:43:30.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device.\r\n\r\nThis vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information.\r\nNote: This vulnerability only affects Cisco Webex Desk Hub.\r\nThere are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:08:14.206Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-file-write-rHKwegKf",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
}
],
"source": {
"advisory": "cisco-sa-roomos-file-write-rHKwegKf",
"defects": [
"CSCwb86296"
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20094",
"datePublished": "2024-11-15T15:08:04.290Z",
"dateReserved": "2022-10-27T18:47:50.336Z",
"dateUpdated": "2024-11-15T15:43:30.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20008 (GCVE-0-2023-20008)
Vulnerability from cvelistv5 – Published: 2023-01-19 01:41 – Updated: 2024-08-02 08:57
VLAI?
Summary
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device.
This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.
Severity ?
4.4 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
RoomOS 10.3.2.0
Affected: RoomOS 10.3.4.0 Affected: RoomOS 10.8.2.5 Affected: RoomOS 10.11.5.2 Affected: RoomOS 10.8.4.0 Affected: RoomOS 10.11.3.0 Affected: RoomOS 10.15.3.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-roomos-dkjGFgRK",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "RoomOS 10.3.2.0"
},
{
"status": "affected",
"version": "RoomOS 10.3.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.8.2.5"
},
{
"status": "affected",
"version": "RoomOS 10.11.5.2"
},
{
"status": "affected",
"version": "RoomOS 10.8.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.11.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.15.3.0"
}
]
},
{
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "CE9.0.1"
},
{
"status": "affected",
"version": "CE9.1.1"
},
{
"status": "affected",
"version": "CE9.1.2"
},
{
"status": "affected",
"version": "CE9.1.3"
},
{
"status": "affected",
"version": "CE9.1.4"
},
{
"status": "affected",
"version": "CE9.1.5"
},
{
"status": "affected",
"version": "CE9.1.6"
},
{
"status": "affected",
"version": "CE9.10.1"
},
{
"status": "affected",
"version": "CE9.10.2"
},
{
"status": "affected",
"version": "CE9.10.3"
},
{
"status": "affected",
"version": "CE9.12.4"
},
{
"status": "affected",
"version": "CE9.12.5"
},
{
"status": "affected",
"version": "CE9.12.3"
},
{
"status": "affected",
"version": "CE9.13.0"
},
{
"status": "affected",
"version": "CE9.13.1"
},
{
"status": "affected",
"version": "CE9.13.3"
},
{
"status": "affected",
"version": "CE9.13.2"
},
{
"status": "affected",
"version": "CE9.2.1"
},
{
"status": "affected",
"version": "CE9.2.2"
},
{
"status": "affected",
"version": "CE9.2.3"
},
{
"status": "affected",
"version": "CE9.2.4"
},
{
"status": "affected",
"version": "CE9.9.3"
},
{
"status": "affected",
"version": "CE9.9.4"
},
{
"status": "affected",
"version": "CE9.14.3"
},
{
"status": "affected",
"version": "CE9.14.5"
},
{
"status": "affected",
"version": "CE9.14.4"
},
{
"status": "affected",
"version": "CE9.14.6"
},
{
"status": "affected",
"version": "CE9.14.7"
},
{
"status": "affected",
"version": "CE9.15.0.11"
},
{
"status": "affected",
"version": "CE9.15.0.10"
},
{
"status": "affected",
"version": "CE9.15.8.12"
},
{
"status": "affected",
"version": "CE9.15.13.0"
},
{
"status": "affected",
"version": "CE9.15.10.8"
},
{
"status": "affected",
"version": "CE9.15.3.26"
},
{
"status": "affected",
"version": "CE9.15.3.25"
},
{
"status": "affected",
"version": "CE9.15.3.17"
},
{
"status": "affected",
"version": "CE9.15.3.22"
},
{
"status": "affected",
"version": "CE9.15.0.19"
},
{
"status": "affected",
"version": "TC7.3.21"
},
{
"status": "affected",
"version": "RoomOS 10.8.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.11.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.11.5.2"
},
{
"status": "affected",
"version": "RoomOS 10.15.3.0"
},
{
"status": "affected",
"version": "9.15.3.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device.\r\n\r This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:30.027Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-dkjGFgRK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
}
],
"source": {
"advisory": "cisco-sa-roomos-dkjGFgRK",
"defects": [
"CSCwc47201"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20008",
"datePublished": "2023-01-19T01:41:03.629Z",
"dateReserved": "2022-10-27T18:47:50.307Z",
"dateUpdated": "2024-08-02T08:57:35.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20002 (GCVE-0-2023-20002)
Vulnerability from cvelistv5 – Published: 2023-01-19 01:40 – Updated: 2024-08-02 08:57
VLAI?
Summary
A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system.
Severity ?
4.4 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
RoomOS 10.3.2.0
Affected: RoomOS 10.3.4.0 Affected: RoomOS 10.8.2.5 Affected: RoomOS 10.11.5.2 Affected: RoomOS 10.8.4.0 Affected: RoomOS 10.11.3.0 Affected: RoomOS 10.15.3.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-roomos-dkjGFgRK",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "RoomOS 10.3.2.0"
},
{
"status": "affected",
"version": "RoomOS 10.3.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.8.2.5"
},
{
"status": "affected",
"version": "RoomOS 10.11.5.2"
},
{
"status": "affected",
"version": "RoomOS 10.8.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.11.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.15.3.0"
}
]
},
{
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "CE9.0.1"
},
{
"status": "affected",
"version": "CE9.1.1"
},
{
"status": "affected",
"version": "CE9.1.2"
},
{
"status": "affected",
"version": "CE9.1.3"
},
{
"status": "affected",
"version": "CE9.1.4"
},
{
"status": "affected",
"version": "CE9.1.5"
},
{
"status": "affected",
"version": "CE9.1.6"
},
{
"status": "affected",
"version": "CE9.10.1"
},
{
"status": "affected",
"version": "CE9.10.2"
},
{
"status": "affected",
"version": "CE9.10.3"
},
{
"status": "affected",
"version": "CE9.12.4"
},
{
"status": "affected",
"version": "CE9.12.5"
},
{
"status": "affected",
"version": "CE9.12.3"
},
{
"status": "affected",
"version": "CE9.13.0"
},
{
"status": "affected",
"version": "CE9.13.1"
},
{
"status": "affected",
"version": "CE9.13.3"
},
{
"status": "affected",
"version": "CE9.13.2"
},
{
"status": "affected",
"version": "CE9.2.1"
},
{
"status": "affected",
"version": "CE9.2.2"
},
{
"status": "affected",
"version": "CE9.2.3"
},
{
"status": "affected",
"version": "CE9.2.4"
},
{
"status": "affected",
"version": "CE9.9.3"
},
{
"status": "affected",
"version": "CE9.9.4"
},
{
"status": "affected",
"version": "CE9.14.3"
},
{
"status": "affected",
"version": "CE9.14.5"
},
{
"status": "affected",
"version": "CE9.14.4"
},
{
"status": "affected",
"version": "CE9.14.6"
},
{
"status": "affected",
"version": "CE9.14.7"
},
{
"status": "affected",
"version": "CE9.15.0.11"
},
{
"status": "affected",
"version": "CE9.15.0.10"
},
{
"status": "affected",
"version": "CE9.15.10.8"
},
{
"status": "affected",
"version": "CE9.15.3.26"
},
{
"status": "affected",
"version": "CE9.15.3.25"
},
{
"status": "affected",
"version": "CE9.15.3.17"
},
{
"status": "affected",
"version": "CE9.15.3.22"
},
{
"status": "affected",
"version": "CE9.15.0.19"
},
{
"status": "affected",
"version": "RoomOS 10.8.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.11.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.11.5.2"
},
{
"status": "affected",
"version": "RoomOS 10.15.3.0"
},
{
"status": "affected",
"version": "9.15.3.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:28.759Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-dkjGFgRK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
}
],
"source": {
"advisory": "cisco-sa-roomos-dkjGFgRK",
"defects": [
"CSCwc85914"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20002",
"datePublished": "2023-01-19T01:40:44.838Z",
"dateReserved": "2022-10-27T18:47:50.305Z",
"dateUpdated": "2024-08-02T08:57:35.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20776 (GCVE-0-2022-20776)
Vulnerability from cvelistv5 – Published: 2022-10-26 14:01 – Updated: 2024-10-25 16:05
VLAI?
Summary
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:36:56.062350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T16:05:19.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"source": {
"advisory": "cisco-sa-roomos-trav-beFvCcyu",
"defect": [
[
"CSCwb29733",
"CSCwc21962",
"CSCwc47215",
"CSCwc47220",
"CSCwc47228"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20776",
"datePublished": "2022-10-26T14:01:18.142194Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-10-25T16:05:19.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20955 (GCVE-0-2022-20955)
Vulnerability from cvelistv5 – Published: 2022-10-26 14:01 – Updated: 2024-10-25 16:05
VLAI?
Summary
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:36:57.942858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T16:05:25.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"source": {
"advisory": "cisco-sa-roomos-trav-beFvCcyu",
"defect": [
[
"CSCwb29733",
"CSCwc21962",
"CSCwc47215",
"CSCwc47220",
"CSCwc47228"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20955",
"datePublished": "2022-10-26T14:01:04.676731Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-10-25T16:05:25.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20954 (GCVE-0-2022-20954)
Vulnerability from cvelistv5 – Published: 2022-10-26 14:00 – Updated: 2024-10-25 16:05
VLAI?
Summary
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:58.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:36:59.314682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T16:05:33.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"source": {
"advisory": "cisco-sa-roomos-trav-beFvCcyu",
"defect": [
[
"CSCwb29733",
"CSCwc21962",
"CSCwc47215",
"CSCwc47220",
"CSCwc47228"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20954",
"datePublished": "2022-10-26T14:00:54.656275Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-10-25T16:05:33.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20953 (GCVE-0-2022-20953)
Vulnerability from cvelistv5 – Published: 2022-10-26 14:00 – Updated: 2024-10-25 16:05
VLAI?
Summary
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:37:00.694014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T16:05:40.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"source": {
"advisory": "cisco-sa-roomos-trav-beFvCcyu",
"defect": [
[
"CSCwb29733",
"CSCwc21962",
"CSCwc47215",
"CSCwc47220",
"CSCwc47228"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20953",
"datePublished": "2022-10-26T14:00:44.967402Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-10-25T16:05:40.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20811 (GCVE-0-2022-20811)
Vulnerability from cvelistv5 – Published: 2022-10-26 14:00 – Updated: 2024-10-25 16:05
VLAI?
Summary
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:37:02.309084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T16:05:48.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"source": {
"advisory": "cisco-sa-roomos-trav-beFvCcyu",
"defect": [
[
"CSCwb29733",
"CSCwc21962",
"CSCwc47215",
"CSCwc47220",
"CSCwc47228"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20811",
"datePublished": "2022-10-26T14:00:20.814557Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-10-25T16:05:48.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20768 (GCVE-0-2022-20768)
Vulnerability from cvelistv5 – Published: 2022-07-06 20:30 – Updated: 2024-11-01 19:00
VLAI?
Summary
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials.
Severity ?
4.9 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220706 Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T18:41:08.923271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T19:00:40.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T20:30:17",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220706 Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7"
}
],
"source": {
"advisory": "cisco-sa-roomos-infodisc-YOTz9Ct7",
"defect": [
[
"CSCwa87973"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-07-06T16:00:00",
"ID": "CVE-2022-20768",
"STATE": "PUBLIC",
"TITLE": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco RoomOS Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.9",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220706 Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7"
}
]
},
"source": {
"advisory": "cisco-sa-roomos-infodisc-YOTz9Ct7",
"defect": [
[
"CSCwa87973"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20768",
"datePublished": "2022-07-06T20:30:17.911907Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-01T19:00:40.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20329 (GCVE-0-2025-20329)
Vulnerability from nvd – Published: 2025-10-15 16:14 – Updated: 2025-10-15 17:42
VLAI?
Summary
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII).
Note: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials.
Severity ?
4.9 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
RoomOS 10.11.2.2
Affected: RoomOS 10.15.2.2 Affected: RoomOS 11.5.4.6 Affected: RoomOS 11.5.2.4 Affected: RoomOS 10.8.2.5 Affected: RoomOS 10.11.5.2 Affected: RoomOS 10.11.3.0 Affected: RoomOS 10.15.5.3 Affected: RoomOS 10.19.2.2 Affected: RoomOS 11.1.3.1 Affected: RoomOS 10.11.6.0 Affected: RoomOS 10.19.3.0 Affected: RoomOS 10.19.4.2 Affected: RoomOS 10.3.2.4 Affected: RoomOS 10.3.4.0 Affected: RoomOS 10.15.3.0 Affected: RoomOS 11.1.4.1 Affected: RoomOS 11.14.2.3 Affected: RoomOS 11.1.2.4 Affected: RoomOS 10.8.3.1 Affected: RoomOS 11.14.2.1 Affected: RoomOS 10.3.3.0 Affected: RoomOS 10.8.4.0 Affected: RoomOS 10.15.4.1 Affected: RoomOS 10.19.5.6 Affected: RoomOS 10.11.4.1 Affected: RoomOS 11.9.3.1 Affected: RoomOS 11.5.3.3 Affected: RoomOS 10.3.2.0 Affected: RoomOS 11.9.2.4 Affected: RoomOS 11.14.3.0 Affected: RoomOS 11.17.2.2 Affected: RoomOS 11.14.4.0 Affected: RoomOS 10.19 StepUpg Affected: RoomOS 11.17.3.0 Affected: RoomOS 11.20.2.3 Affected: RoomOS 11.14.5.0 Affected: RoomOS 11.17.4.0 Affected: RoomOS 11.20.3.0 Affected: RoomOS 11.23.1.6 Affected: RoomOS 11.23.1.8 Affected: RoomOS 11.24.1.5 Affected: RoomOS 11.24.2.4 Affected: RoomOS 11.24.3.0 Affected: RoomOS 11.24.4.1 Affected: RoomOS 11.27.2.0 Affected: RoomOS 11.28.1.3 Affected: RoomOS 11.27.3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T17:42:38.688864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T17:42:48.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "RoomOS 10.11.2.2"
},
{
"status": "affected",
"version": "RoomOS 10.15.2.2"
},
{
"status": "affected",
"version": "RoomOS 11.5.4.6"
},
{
"status": "affected",
"version": "RoomOS 11.5.2.4"
},
{
"status": "affected",
"version": "RoomOS 10.8.2.5"
},
{
"status": "affected",
"version": "RoomOS 10.11.5.2"
},
{
"status": "affected",
"version": "RoomOS 10.11.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.15.5.3"
},
{
"status": "affected",
"version": "RoomOS 10.19.2.2"
},
{
"status": "affected",
"version": "RoomOS 11.1.3.1"
},
{
"status": "affected",
"version": "RoomOS 10.11.6.0"
},
{
"status": "affected",
"version": "RoomOS 10.19.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.19.4.2"
},
{
"status": "affected",
"version": "RoomOS 10.3.2.4"
},
{
"status": "affected",
"version": "RoomOS 10.3.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.15.3.0"
},
{
"status": "affected",
"version": "RoomOS 11.1.4.1"
},
{
"status": "affected",
"version": "RoomOS 11.14.2.3"
},
{
"status": "affected",
"version": "RoomOS 11.1.2.4"
},
{
"status": "affected",
"version": "RoomOS 10.8.3.1"
},
{
"status": "affected",
"version": "RoomOS 11.14.2.1"
},
{
"status": "affected",
"version": "RoomOS 10.3.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.8.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.15.4.1"
},
{
"status": "affected",
"version": "RoomOS 10.19.5.6"
},
{
"status": "affected",
"version": "RoomOS 10.11.4.1"
},
{
"status": "affected",
"version": "RoomOS 11.9.3.1"
},
{
"status": "affected",
"version": "RoomOS 11.5.3.3"
},
{
"status": "affected",
"version": "RoomOS 10.3.2.0"
},
{
"status": "affected",
"version": "RoomOS 11.9.2.4"
},
{
"status": "affected",
"version": "RoomOS 11.14.3.0"
},
{
"status": "affected",
"version": "RoomOS 11.17.2.2"
},
{
"status": "affected",
"version": "RoomOS 11.14.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.19 StepUpg"
},
{
"status": "affected",
"version": "RoomOS 11.17.3.0"
},
{
"status": "affected",
"version": "RoomOS 11.20.2.3"
},
{
"status": "affected",
"version": "RoomOS 11.14.5.0"
},
{
"status": "affected",
"version": "RoomOS 11.17.4.0"
},
{
"status": "affected",
"version": "RoomOS 11.20.3.0"
},
{
"status": "affected",
"version": "RoomOS 11.23.1.6"
},
{
"status": "affected",
"version": "RoomOS 11.23.1.8"
},
{
"status": "affected",
"version": "RoomOS 11.24.1.5"
},
{
"status": "affected",
"version": "RoomOS 11.24.2.4"
},
{
"status": "affected",
"version": "RoomOS 11.24.3.0"
},
{
"status": "affected",
"version": "RoomOS 11.24.4.1"
},
{
"status": "affected",
"version": "RoomOS 11.27.2.0"
},
{
"status": "affected",
"version": "RoomOS 11.28.1.3"
},
{
"status": "affected",
"version": "RoomOS 11.27.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative\u0026nbsp;credentials.\r\n\r\nThis vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII).\r\nNote: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T16:14:59.904Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-inf-disc-qGgsbxAm",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-inf-disc-qGgsbxAm"
}
],
"source": {
"advisory": "cisco-sa-roomos-inf-disc-qGgsbxAm",
"defects": [
"CSCwp08812"
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20329",
"datePublished": "2025-10-15T16:14:59.904Z",
"dateReserved": "2024-10-10T19:15:13.254Z",
"dateUpdated": "2025-10-15T17:42:48.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20793 (GCVE-0-2022-20793)
Vulnerability from nvd – Published: 2024-11-15 15:34 – Updated: 2024-11-15 21:12
VLAI?
Summary
A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device.
This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability.
Severity ?
6.8 (Medium)
CWE
- CWE-325 - Missing Required Cryptographic Step
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
N/A
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "roomos",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:telepresence_tc_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "telepresence_tc_software",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:telepresence_ce_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "telepresence_ce_software",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T21:07:36.103341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T21:12:23.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "CE9.10.2"
},
{
"status": "affected",
"version": "CE9.1.4"
},
{
"status": "affected",
"version": "CE9.10.3"
},
{
"status": "affected",
"version": "CE9.1.5"
},
{
"status": "affected",
"version": "CE9.10.1"
},
{
"status": "affected",
"version": "CE9.13.0"
},
{
"status": "affected",
"version": "CE9.1.1"
},
{
"status": "affected",
"version": "CE9.9.4"
},
{
"status": "affected",
"version": "CE9.2.1"
},
{
"status": "affected",
"version": "CE9.1.3"
},
{
"status": "affected",
"version": "CE9.1.6"
},
{
"status": "affected",
"version": "CE9.12.3"
},
{
"status": "affected",
"version": "CE9.13.1"
},
{
"status": "affected",
"version": "CE9.12.4"
},
{
"status": "affected",
"version": "CE9.14.3"
},
{
"status": "affected",
"version": "CE9.14.4"
},
{
"status": "affected",
"version": "CE9.13.2"
},
{
"status": "affected",
"version": "CE9.12.5"
},
{
"status": "affected",
"version": "CE9.14.5"
},
{
"status": "affected",
"version": "CE9.15.0.10"
},
{
"status": "affected",
"version": "CE9.15.0.11"
},
{
"status": "affected",
"version": "CE9.13.3"
},
{
"status": "affected",
"version": "CE9.15.0.13"
},
{
"status": "affected",
"version": "CE9.14.6"
},
{
"status": "affected",
"version": "CE9.15.3.17"
},
{
"status": "affected",
"version": "CE9.14.7"
},
{
"status": "affected",
"version": "CE9.15.0.19"
},
{
"status": "affected",
"version": "CE9.15.3.19"
},
{
"status": "affected",
"version": "CE9.15.3.18"
},
{
"status": "affected",
"version": "CE9.0.1"
},
{
"status": "affected",
"version": "CE9.2.2"
},
{
"status": "affected",
"version": "CE9.1.2"
},
{
"status": "affected",
"version": "CE9.9.3"
},
{
"status": "affected",
"version": "CE9.2.4"
},
{
"status": "affected",
"version": "CE9.2.3"
},
{
"status": "affected",
"version": "CE9.15.3.22"
},
{
"status": "affected",
"version": "CE9.15.8.12"
},
{
"status": "affected",
"version": "CE9.15.10.8"
},
{
"status": "affected",
"version": "CE9.15.3.26"
},
{
"status": "affected",
"version": "CE9.15.3.25"
},
{
"status": "affected",
"version": "CE9.15.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in pairing process of Cisco\u0026nbsp;TelePresence CE Software and RoomOS Software for Cisco\u0026nbsp;Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device.\r\nThis vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "Missing Required Cryptographic Step",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:34:33.919Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-CTT-IVV-4A66Dsfj",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj"
}
],
"source": {
"advisory": "cisco-sa-CTT-IVV-4A66Dsfj",
"defects": [
"CSCvw08723"
],
"discovery": "INTERNAL"
},
"title": "Cisco Touch 10 Device Insufficient Identity Verification Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20793",
"datePublished": "2024-11-15T15:34:33.919Z",
"dateReserved": "2021-11-02T13:28:29.168Z",
"dateUpdated": "2024-11-15T21:12:23.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20004 (GCVE-0-2023-20004)
Vulnerability from nvd – Published: 2024-11-15 15:23 – Updated: 2024-11-15 15:37
VLAI?
Summary
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.
These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.
Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Severity ?
4.4 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
N/A
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:37:09.280084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:37:26.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "CE9.10.2"
},
{
"status": "affected",
"version": "CE9.1.4"
},
{
"status": "affected",
"version": "CE9.9.3"
},
{
"status": "affected",
"version": "CE9.10.3"
},
{
"status": "affected",
"version": "CE9.1.5"
},
{
"status": "affected",
"version": "CE9.2.4"
},
{
"status": "affected",
"version": "CE9.10.1"
},
{
"status": "affected",
"version": "CE9.13.0"
},
{
"status": "affected",
"version": "CE9.1.2"
},
{
"status": "affected",
"version": "CE9.1.1"
},
{
"status": "affected",
"version": "CE9.9.4"
},
{
"status": "affected",
"version": "CE9.2.1"
},
{
"status": "affected",
"version": "CE9.1.3"
},
{
"status": "affected",
"version": "CE9.0.1"
},
{
"status": "affected",
"version": "CE9.1.6"
},
{
"status": "affected",
"version": "CE9.12.4"
},
{
"status": "affected",
"version": "CE9.2.2"
},
{
"status": "affected",
"version": "CE9.12.3"
},
{
"status": "affected",
"version": "CE9.2.3"
},
{
"status": "affected",
"version": "CE9.13.1"
},
{
"status": "affected",
"version": "CE9.14.3"
},
{
"status": "affected",
"version": "CE9.14.4"
},
{
"status": "affected",
"version": "CE9.13.2"
},
{
"status": "affected",
"version": "CE9.12.5"
},
{
"status": "affected",
"version": "CE9.14.5"
},
{
"status": "affected",
"version": "CE9.15.0.10"
},
{
"status": "affected",
"version": "CE9.15.0.11"
},
{
"status": "affected",
"version": "CE9.13.3"
},
{
"status": "affected",
"version": "CE9.15.0.13"
},
{
"status": "affected",
"version": "CE9.14.6"
},
{
"status": "affected",
"version": "CE9.15.3.17"
},
{
"status": "affected",
"version": "CE9.14.7"
},
{
"status": "affected",
"version": "CE9.15.0.19"
},
{
"status": "affected",
"version": "CE9.15.3.19"
},
{
"status": "affected",
"version": "CE9.15.3.18"
},
{
"status": "affected",
"version": "CE9.15.3.22"
},
{
"status": "affected",
"version": "CE9.15.8.12"
},
{
"status": "affected",
"version": "CE9.15.10.8"
},
{
"status": "affected",
"version": "CE9.15.3.26"
},
{
"status": "affected",
"version": "CE9.15.3.25"
},
{
"status": "affected",
"version": "CE9.15.13.0"
},
{
"status": "affected",
"version": "CE9.15.15.4"
},
{
"status": "affected",
"version": "CE9.15.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThese vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.\r\nNote: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:23:29.140Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-file-write-rHKwegKf",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
}
],
"source": {
"advisory": "cisco-sa-roomos-file-write-rHKwegKf",
"defects": [
"CSCwc47206"
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20004",
"datePublished": "2024-11-15T15:23:29.140Z",
"dateReserved": "2022-10-27T18:47:50.305Z",
"dateUpdated": "2024-11-15T15:37:26.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20090 (GCVE-0-2023-20090)
Vulnerability from nvd – Published: 2024-11-15 15:19 – Updated: 2024-11-15 17:15
VLAI?
Summary
A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
6.7 (Medium)
CWE
- CWE-27 - Path Traversal: 'dir/../../filename'
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
N/A
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "telepresence_collaboration_endpoint",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "9.10.1"
},
{
"status": "affected",
"version": "9.10.2"
},
{
"status": "affected",
"version": "9.10.3"
},
{
"status": "affected",
"version": "9.1.1"
},
{
"status": "affected",
"version": "9.1.2"
},
{
"status": "affected",
"version": "9.12.3"
},
{
"status": "affected",
"version": "9.12.4"
},
{
"status": "affected",
"version": "9.12.5"
},
{
"status": "affected",
"version": "9.1.3"
},
{
"status": "affected",
"version": "9.13.0"
},
{
"status": "affected",
"version": "9.13.1"
},
{
"status": "affected",
"version": "9.13.2"
},
{
"status": "affected",
"version": "9.13.3"
},
{
"status": "affected",
"version": "9.1.4"
},
{
"status": "affected",
"version": "9.14.3"
},
{
"status": "affected",
"version": "9.14.4"
},
{
"status": "affected",
"version": "9.14.5"
},
{
"status": "affected",
"version": "9.14.6"
},
{
"status": "affected",
"version": "9.1.5"
},
{
"status": "affected",
"version": "9.15.0.10"
},
{
"status": "affected",
"version": "9.15.0.11"
},
{
"status": "affected",
"version": "9.15.13.0"
},
{
"status": "affected",
"version": "9.15.8.12"
},
{
"status": "affected",
"version": "9.1.6"
},
{
"status": "affected",
"version": "9.2.1"
},
{
"status": "affected",
"version": "9.2.2"
},
{
"status": "affected",
"version": "9.2.3"
},
{
"status": "affected",
"version": "9.2.4"
},
{
"status": "affected",
"version": "9.9.3"
},
{
"status": "affected",
"version": "9.9.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.19:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.15.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.16.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.18:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.19:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.22:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "telepresence_collaboration_endpoint",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "9.15.0.19"
},
{
"status": "affected",
"version": "9.15.10.8"
},
{
"status": "affected",
"version": "9.15.13.0"
},
{
"status": "affected",
"version": "9.15.15.4"
},
{
"status": "affected",
"version": "9.15.16.5"
},
{
"status": "affected",
"version": "9.15.3.18"
},
{
"status": "affected",
"version": "9.15.3.19"
},
{
"status": "affected",
"version": "9.15.3.22"
},
{
"status": "affected",
"version": "9.15.3.25"
},
{
"status": "affected",
"version": "9.15.3.26"
},
{
"status": "affected",
"version": "9.15.8.12"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:49:25.857316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:15:43.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "CE9.10.2"
},
{
"status": "affected",
"version": "CE9.1.4"
},
{
"status": "affected",
"version": "CE9.9.3"
},
{
"status": "affected",
"version": "CE9.10.3"
},
{
"status": "affected",
"version": "CE9.1.5"
},
{
"status": "affected",
"version": "CE9.2.4"
},
{
"status": "affected",
"version": "CE9.10.1"
},
{
"status": "affected",
"version": "CE9.13.0"
},
{
"status": "affected",
"version": "CE9.1.2"
},
{
"status": "affected",
"version": "CE9.1.1"
},
{
"status": "affected",
"version": "CE9.9.4"
},
{
"status": "affected",
"version": "CE9.2.1"
},
{
"status": "affected",
"version": "CE9.1.3"
},
{
"status": "affected",
"version": "CE9.0.1"
},
{
"status": "affected",
"version": "CE9.1.6"
},
{
"status": "affected",
"version": "CE9.12.4"
},
{
"status": "affected",
"version": "CE9.2.2"
},
{
"status": "affected",
"version": "CE9.12.3"
},
{
"status": "affected",
"version": "CE9.2.3"
},
{
"status": "affected",
"version": "CE9.13.1"
},
{
"status": "affected",
"version": "CE9.14.3"
},
{
"status": "affected",
"version": "CE9.14.4"
},
{
"status": "affected",
"version": "CE9.13.2"
},
{
"status": "affected",
"version": "CE9.12.5"
},
{
"status": "affected",
"version": "CE9.14.5"
},
{
"status": "affected",
"version": "CE9.15.0.10"
},
{
"status": "affected",
"version": "CE9.15.0.11"
},
{
"status": "affected",
"version": "CE9.13.3"
},
{
"status": "affected",
"version": "CE9.15.0.13"
},
{
"status": "affected",
"version": "CE9.14.6"
},
{
"status": "affected",
"version": "CE9.15.3.17"
},
{
"status": "affected",
"version": "CE9.14.7"
},
{
"status": "affected",
"version": "CE9.15.0.19"
},
{
"status": "affected",
"version": "CE9.15.3.19"
},
{
"status": "affected",
"version": "CE9.15.3.18"
},
{
"status": "affected",
"version": "CE9.15.3.22"
},
{
"status": "affected",
"version": "CE9.15.8.12"
},
{
"status": "affected",
"version": "CE9.15.10.8"
},
{
"status": "affected",
"version": "CE9.15.3.26"
},
{
"status": "affected",
"version": "CE9.15.3.25"
},
{
"status": "affected",
"version": "CE9.15.13.0"
},
{
"status": "affected",
"version": "CE9.15.15.4"
},
{
"status": "affected",
"version": "CE9.15.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r\nThis vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-27",
"description": "Path Traversal: \u0027dir/../../filename\u0027",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:19:09.891Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-file-write-rHKwegKf",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
}
],
"source": {
"advisory": "cisco-sa-roomos-file-write-rHKwegKf",
"defects": [
"CSCwc85883"
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20090",
"datePublished": "2024-11-15T15:19:09.891Z",
"dateReserved": "2022-10-27T18:47:50.335Z",
"dateUpdated": "2024-11-15T17:15:43.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20092 (GCVE-0-2023-20092)
Vulnerability from nvd – Published: 2024-11-15 15:12 – Updated: 2024-11-15 15:42
VLAI?
Summary
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.
These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.
Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Severity ?
4.4 (Medium)
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
N/A
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:42:30.481069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:42:48.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThese vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.\r\nNote: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:12:58.590Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-file-write-rHKwegKf",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
}
],
"source": {
"advisory": "cisco-sa-roomos-file-write-rHKwegKf",
"defects": [
"CSCwc47236"
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Overwrite Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20092",
"datePublished": "2024-11-15T15:12:58.590Z",
"dateReserved": "2022-10-27T18:47:50.336Z",
"dateUpdated": "2024-11-15T15:42:48.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20093 (GCVE-0-2023-20093)
Vulnerability from nvd – Published: 2024-11-15 15:11 – Updated: 2024-11-15 15:43
VLAI?
Summary
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.
These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.
Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Severity ?
4.4 (Medium)
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
N/A
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20093",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:42:49.987851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:43:07.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThese vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.\r\nNote: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:11:19.884Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-file-write-rHKwegKf",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
}
],
"source": {
"advisory": "cisco-sa-roomos-file-write-rHKwegKf",
"defects": [
"CSCwc71187"
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Overwrite Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20093",
"datePublished": "2024-11-15T15:11:19.884Z",
"dateReserved": "2022-10-27T18:47:50.336Z",
"dateUpdated": "2024-11-15T15:43:07.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20094 (GCVE-0-2023-20094)
Vulnerability from nvd – Published: 2024-11-15 15:08 – Updated: 2024-11-15 15:43
VLAI?
Summary
A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device.
This vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information.
Note: This vulnerability only affects Cisco Webex Desk Hub.
There are no workarounds that address this vulnerability.
Severity ?
4.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
N/A
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20094",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:43:09.416209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:43:30.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device.\r\n\r\nThis vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information.\r\nNote: This vulnerability only affects Cisco Webex Desk Hub.\r\nThere are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:08:14.206Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-file-write-rHKwegKf",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
}
],
"source": {
"advisory": "cisco-sa-roomos-file-write-rHKwegKf",
"defects": [
"CSCwb86296"
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20094",
"datePublished": "2024-11-15T15:08:04.290Z",
"dateReserved": "2022-10-27T18:47:50.336Z",
"dateUpdated": "2024-11-15T15:43:30.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20008 (GCVE-0-2023-20008)
Vulnerability from nvd – Published: 2023-01-19 01:41 – Updated: 2024-08-02 08:57
VLAI?
Summary
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device.
This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.
Severity ?
4.4 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
RoomOS 10.3.2.0
Affected: RoomOS 10.3.4.0 Affected: RoomOS 10.8.2.5 Affected: RoomOS 10.11.5.2 Affected: RoomOS 10.8.4.0 Affected: RoomOS 10.11.3.0 Affected: RoomOS 10.15.3.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-roomos-dkjGFgRK",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "RoomOS 10.3.2.0"
},
{
"status": "affected",
"version": "RoomOS 10.3.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.8.2.5"
},
{
"status": "affected",
"version": "RoomOS 10.11.5.2"
},
{
"status": "affected",
"version": "RoomOS 10.8.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.11.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.15.3.0"
}
]
},
{
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "CE9.0.1"
},
{
"status": "affected",
"version": "CE9.1.1"
},
{
"status": "affected",
"version": "CE9.1.2"
},
{
"status": "affected",
"version": "CE9.1.3"
},
{
"status": "affected",
"version": "CE9.1.4"
},
{
"status": "affected",
"version": "CE9.1.5"
},
{
"status": "affected",
"version": "CE9.1.6"
},
{
"status": "affected",
"version": "CE9.10.1"
},
{
"status": "affected",
"version": "CE9.10.2"
},
{
"status": "affected",
"version": "CE9.10.3"
},
{
"status": "affected",
"version": "CE9.12.4"
},
{
"status": "affected",
"version": "CE9.12.5"
},
{
"status": "affected",
"version": "CE9.12.3"
},
{
"status": "affected",
"version": "CE9.13.0"
},
{
"status": "affected",
"version": "CE9.13.1"
},
{
"status": "affected",
"version": "CE9.13.3"
},
{
"status": "affected",
"version": "CE9.13.2"
},
{
"status": "affected",
"version": "CE9.2.1"
},
{
"status": "affected",
"version": "CE9.2.2"
},
{
"status": "affected",
"version": "CE9.2.3"
},
{
"status": "affected",
"version": "CE9.2.4"
},
{
"status": "affected",
"version": "CE9.9.3"
},
{
"status": "affected",
"version": "CE9.9.4"
},
{
"status": "affected",
"version": "CE9.14.3"
},
{
"status": "affected",
"version": "CE9.14.5"
},
{
"status": "affected",
"version": "CE9.14.4"
},
{
"status": "affected",
"version": "CE9.14.6"
},
{
"status": "affected",
"version": "CE9.14.7"
},
{
"status": "affected",
"version": "CE9.15.0.11"
},
{
"status": "affected",
"version": "CE9.15.0.10"
},
{
"status": "affected",
"version": "CE9.15.8.12"
},
{
"status": "affected",
"version": "CE9.15.13.0"
},
{
"status": "affected",
"version": "CE9.15.10.8"
},
{
"status": "affected",
"version": "CE9.15.3.26"
},
{
"status": "affected",
"version": "CE9.15.3.25"
},
{
"status": "affected",
"version": "CE9.15.3.17"
},
{
"status": "affected",
"version": "CE9.15.3.22"
},
{
"status": "affected",
"version": "CE9.15.0.19"
},
{
"status": "affected",
"version": "TC7.3.21"
},
{
"status": "affected",
"version": "RoomOS 10.8.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.11.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.11.5.2"
},
{
"status": "affected",
"version": "RoomOS 10.15.3.0"
},
{
"status": "affected",
"version": "9.15.3.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device.\r\n\r This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:30.027Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-dkjGFgRK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
}
],
"source": {
"advisory": "cisco-sa-roomos-dkjGFgRK",
"defects": [
"CSCwc47201"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20008",
"datePublished": "2023-01-19T01:41:03.629Z",
"dateReserved": "2022-10-27T18:47:50.307Z",
"dateUpdated": "2024-08-02T08:57:35.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20002 (GCVE-0-2023-20002)
Vulnerability from nvd – Published: 2023-01-19 01:40 – Updated: 2024-08-02 08:57
VLAI?
Summary
A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system.
Severity ?
4.4 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
RoomOS 10.3.2.0
Affected: RoomOS 10.3.4.0 Affected: RoomOS 10.8.2.5 Affected: RoomOS 10.11.5.2 Affected: RoomOS 10.8.4.0 Affected: RoomOS 10.11.3.0 Affected: RoomOS 10.15.3.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-roomos-dkjGFgRK",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "RoomOS 10.3.2.0"
},
{
"status": "affected",
"version": "RoomOS 10.3.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.8.2.5"
},
{
"status": "affected",
"version": "RoomOS 10.11.5.2"
},
{
"status": "affected",
"version": "RoomOS 10.8.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.11.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.15.3.0"
}
]
},
{
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "CE9.0.1"
},
{
"status": "affected",
"version": "CE9.1.1"
},
{
"status": "affected",
"version": "CE9.1.2"
},
{
"status": "affected",
"version": "CE9.1.3"
},
{
"status": "affected",
"version": "CE9.1.4"
},
{
"status": "affected",
"version": "CE9.1.5"
},
{
"status": "affected",
"version": "CE9.1.6"
},
{
"status": "affected",
"version": "CE9.10.1"
},
{
"status": "affected",
"version": "CE9.10.2"
},
{
"status": "affected",
"version": "CE9.10.3"
},
{
"status": "affected",
"version": "CE9.12.4"
},
{
"status": "affected",
"version": "CE9.12.5"
},
{
"status": "affected",
"version": "CE9.12.3"
},
{
"status": "affected",
"version": "CE9.13.0"
},
{
"status": "affected",
"version": "CE9.13.1"
},
{
"status": "affected",
"version": "CE9.13.3"
},
{
"status": "affected",
"version": "CE9.13.2"
},
{
"status": "affected",
"version": "CE9.2.1"
},
{
"status": "affected",
"version": "CE9.2.2"
},
{
"status": "affected",
"version": "CE9.2.3"
},
{
"status": "affected",
"version": "CE9.2.4"
},
{
"status": "affected",
"version": "CE9.9.3"
},
{
"status": "affected",
"version": "CE9.9.4"
},
{
"status": "affected",
"version": "CE9.14.3"
},
{
"status": "affected",
"version": "CE9.14.5"
},
{
"status": "affected",
"version": "CE9.14.4"
},
{
"status": "affected",
"version": "CE9.14.6"
},
{
"status": "affected",
"version": "CE9.14.7"
},
{
"status": "affected",
"version": "CE9.15.0.11"
},
{
"status": "affected",
"version": "CE9.15.0.10"
},
{
"status": "affected",
"version": "CE9.15.10.8"
},
{
"status": "affected",
"version": "CE9.15.3.26"
},
{
"status": "affected",
"version": "CE9.15.3.25"
},
{
"status": "affected",
"version": "CE9.15.3.17"
},
{
"status": "affected",
"version": "CE9.15.3.22"
},
{
"status": "affected",
"version": "CE9.15.0.19"
},
{
"status": "affected",
"version": "RoomOS 10.8.4.0"
},
{
"status": "affected",
"version": "RoomOS 10.11.3.0"
},
{
"status": "affected",
"version": "RoomOS 10.11.5.2"
},
{
"status": "affected",
"version": "RoomOS 10.15.3.0"
},
{
"status": "affected",
"version": "9.15.3.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:28.759Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-roomos-dkjGFgRK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
}
],
"source": {
"advisory": "cisco-sa-roomos-dkjGFgRK",
"defects": [
"CSCwc85914"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20002",
"datePublished": "2023-01-19T01:40:44.838Z",
"dateReserved": "2022-10-27T18:47:50.305Z",
"dateUpdated": "2024-08-02T08:57:35.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20776 (GCVE-0-2022-20776)
Vulnerability from nvd – Published: 2022-10-26 14:01 – Updated: 2024-10-25 16:05
VLAI?
Summary
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:36:56.062350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T16:05:19.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"source": {
"advisory": "cisco-sa-roomos-trav-beFvCcyu",
"defect": [
[
"CSCwb29733",
"CSCwc21962",
"CSCwc47215",
"CSCwc47220",
"CSCwc47228"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20776",
"datePublished": "2022-10-26T14:01:18.142194Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-10-25T16:05:19.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20955 (GCVE-0-2022-20955)
Vulnerability from nvd – Published: 2022-10-26 14:01 – Updated: 2024-10-25 16:05
VLAI?
Summary
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:36:57.942858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T16:05:25.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"source": {
"advisory": "cisco-sa-roomos-trav-beFvCcyu",
"defect": [
[
"CSCwb29733",
"CSCwc21962",
"CSCwc47215",
"CSCwc47220",
"CSCwc47228"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20955",
"datePublished": "2022-10-26T14:01:04.676731Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-10-25T16:05:25.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20954 (GCVE-0-2022-20954)
Vulnerability from nvd – Published: 2022-10-26 14:00 – Updated: 2024-10-25 16:05
VLAI?
Summary
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:58.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:36:59.314682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T16:05:33.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"source": {
"advisory": "cisco-sa-roomos-trav-beFvCcyu",
"defect": [
[
"CSCwb29733",
"CSCwc21962",
"CSCwc47215",
"CSCwc47220",
"CSCwc47228"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20954",
"datePublished": "2022-10-26T14:00:54.656275Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-10-25T16:05:33.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20953 (GCVE-0-2022-20953)
Vulnerability from nvd – Published: 2022-10-26 14:00 – Updated: 2024-10-25 16:05
VLAI?
Summary
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:37:00.694014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T16:05:40.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"source": {
"advisory": "cisco-sa-roomos-trav-beFvCcyu",
"defect": [
[
"CSCwb29733",
"CSCwc21962",
"CSCwc47215",
"CSCwc47220",
"CSCwc47228"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20953",
"datePublished": "2022-10-26T14:00:44.967402Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-10-25T16:05:40.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20811 (GCVE-0-2022-20811)
Vulnerability from nvd – Published: 2022-10-26 14:00 – Updated: 2024-10-25 16:05
VLAI?
Summary
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:37:02.309084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T16:05:48.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
}
],
"source": {
"advisory": "cisco-sa-roomos-trav-beFvCcyu",
"defect": [
[
"CSCwb29733",
"CSCwc21962",
"CSCwc47215",
"CSCwc47220",
"CSCwc47228"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20811",
"datePublished": "2022-10-26T14:00:20.814557Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-10-25T16:05:48.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20768 (GCVE-0-2022-20768)
Vulnerability from nvd – Published: 2022-07-06 20:30 – Updated: 2024-11-01 19:00
VLAI?
Summary
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials.
Severity ?
4.9 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RoomOS Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220706 Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T18:41:08.923271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T19:00:40.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RoomOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T20:30:17",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220706 Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7"
}
],
"source": {
"advisory": "cisco-sa-roomos-infodisc-YOTz9Ct7",
"defect": [
[
"CSCwa87973"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-07-06T16:00:00",
"ID": "CVE-2022-20768",
"STATE": "PUBLIC",
"TITLE": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco RoomOS Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.9",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220706 Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7"
}
]
},
"source": {
"advisory": "cisco-sa-roomos-infodisc-YOTz9Ct7",
"defect": [
[
"CSCwa87973"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20768",
"datePublished": "2022-07-06T20:30:17.911907Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-01T19:00:40.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}