Vulnerability-Lookup

BDU:2023-03250

Vulnerability from fstec - Published: 19.04.2023

Title

Уязвимость микропрограммного обеспечения устройства управления конференц-связью Cisco TelePresence Collaboration Endpoint (CE) и операционных систем Cisco RoomOS, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить привилегии до получения root прав на уязвимом устройстве

Description

Уязвимость микропрограммного обеспечения устройства управления конференц-связью Cisco TelePresence Collaboration Endpoint (CE) и операционных систем Cisco RoomOS связана с недостатками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю повысить привилегии до получения root прав на уязвимом устройстве

Severity ?


                    
                      AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vendor

Cisco Systems Inc.

Software Name

RoomOS, TelePresence Collaboration Endpoint (CE)

Software Version

от 9 до 9.15.17.4 (RoomOS), от 10 до 11.1.2.4 (RoomOS), от 9 до 9.15.17.4 (TelePresence Collaboration Endpoint (CE)), от 10 до 11.1.2.4 (TelePresence Collaboration Endpoint (CE))

Possible Mitigations

Использование рекомендаций: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf

CWE

CWE-264

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 9 \u0434\u043e 9.15.17.4 (RoomOS), \u043e\u0442 10 \u0434\u043e 11.1.2.4 (RoomOS), \u043e\u0442 9 \u0434\u043e 9.15.17.4 (TelePresence Collaboration Endpoint (CE)), \u043e\u0442 10 \u0434\u043e 11.1.2.4 (TelePresence Collaboration Endpoint (CE))",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.04.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.06.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.06.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-03250",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-20090",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "RoomOS, TelePresence Collaboration Endpoint (CE)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. RoomOS \u043e\u0442 9 \u0434\u043e 9.15.17.4 , Cisco Systems Inc. RoomOS \u043e\u0442 10 \u0434\u043e 11.1.2.4 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0435\u0440\u0435\u043d\u0446-\u0441\u0432\u044f\u0437\u044c\u044e Cisco TelePresence Collaboration Endpoint (CE) \u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Cisco RoomOS, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f root \u043f\u0440\u0430\u0432 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (CWE-264)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0435\u0440\u0435\u043d\u0446-\u0441\u0432\u044f\u0437\u044c\u044e Cisco TelePresence Collaboration Endpoint (CE) \u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Cisco RoomOS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f root \u043f\u0440\u0430\u0432 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-264",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,7)"
}

CVE-2023-20090 (GCVE-0-2023-20090)

Vulnerability from cvelistv5 – Published: 2024-11-15 15:19 – Updated: 2024-11-15 17:15

Title

Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability

Summary

A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Severity ?

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-27 - Path Traversal: 'dir/../../filename'

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

Vendor

Product

Version

Cisco

Cisco RoomOS Software

Affected: N/A

Cisco

Cisco TelePresence Endpoint Software (TC/CE)

Affected: CE9.10.2
Affected: CE9.1.4
Affected: CE9.9.3
Affected: CE9.10.3
Affected: CE9.1.5
Affected: CE9.2.4
Affected: CE9.10.1
Affected: CE9.13.0
Affected: CE9.1.2
Affected: CE9.1.1
Affected: CE9.9.4
Affected: CE9.2.1
Affected: CE9.1.3
Affected: CE9.0.1
Affected: CE9.1.6
Affected: CE9.12.4
Affected: CE9.2.2
Affected: CE9.12.3
Affected: CE9.2.3
Affected: CE9.13.1
Affected: CE9.14.3
Affected: CE9.14.4
Affected: CE9.13.2
Affected: CE9.12.5
Affected: CE9.14.5
Affected: CE9.15.0.10
Affected: CE9.15.0.11
Affected: CE9.13.3
Affected: CE9.15.0.13
Affected: CE9.14.6
Affected: CE9.15.3.17
Affected: CE9.14.7
Affected: CE9.15.0.19
Affected: CE9.15.3.19
Affected: CE9.15.3.18
Affected: CE9.15.3.22
Affected: CE9.15.8.12
Affected: CE9.15.10.8
Affected: CE9.15.3.26
Affected: CE9.15.3.25
Affected: CE9.15.13.0
Affected: CE9.15.15.4
Affected: CE9.15.16.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "telepresence_collaboration_endpoint",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "9.0.1"
              },
              {
                "status": "affected",
                "version": "9.10.1"
              },
              {
                "status": "affected",
                "version": "9.10.2"
              },
              {
                "status": "affected",
                "version": "9.10.3"
              },
              {
                "status": "affected",
                "version": "9.1.1"
              },
              {
                "status": "affected",
                "version": "9.1.2"
              },
              {
                "status": "affected",
                "version": "9.12.3"
              },
              {
                "status": "affected",
                "version": "9.12.4"
              },
              {
                "status": "affected",
                "version": "9.12.5"
              },
              {
                "status": "affected",
                "version": "9.1.3"
              },
              {
                "status": "affected",
                "version": "9.13.0"
              },
              {
                "status": "affected",
                "version": "9.13.1"
              },
              {
                "status": "affected",
                "version": "9.13.2"
              },
              {
                "status": "affected",
                "version": "9.13.3"
              },
              {
                "status": "affected",
                "version": "9.1.4"
              },
              {
                "status": "affected",
                "version": "9.14.3"
              },
              {
                "status": "affected",
                "version": "9.14.4"
              },
              {
                "status": "affected",
                "version": "9.14.5"
              },
              {
                "status": "affected",
                "version": "9.14.6"
              },
              {
                "status": "affected",
                "version": "9.1.5"
              },
              {
                "status": "affected",
                "version": "9.15.0.10"
              },
              {
                "status": "affected",
                "version": "9.15.0.11"
              },
              {
                "status": "affected",
                "version": "9.15.13.0"
              },
              {
                "status": "affected",
                "version": "9.15.8.12"
              },
              {
                "status": "affected",
                "version": "9.1.6"
              },
              {
                "status": "affected",
                "version": "9.2.1"
              },
              {
                "status": "affected",
                "version": "9.2.2"
              },
              {
                "status": "affected",
                "version": "9.2.3"
              },
              {
                "status": "affected",
                "version": "9.2.4"
              },
              {
                "status": "affected",
                "version": "9.9.3"
              },
              {
                "status": "affected",
                "version": "9.9.4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.19:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.15.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.16.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.18:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.19:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.22:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "telepresence_collaboration_endpoint",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "9.15.0.19"
              },
              {
                "status": "affected",
                "version": "9.15.10.8"
              },
              {
                "status": "affected",
                "version": "9.15.13.0"
              },
              {
                "status": "affected",
                "version": "9.15.15.4"
              },
              {
                "status": "affected",
                "version": "9.15.16.5"
              },
              {
                "status": "affected",
                "version": "9.15.3.18"
              },
              {
                "status": "affected",
                "version": "9.15.3.19"
              },
              {
                "status": "affected",
                "version": "9.15.3.22"
              },
              {
                "status": "affected",
                "version": "9.15.3.25"
              },
              {
                "status": "affected",
                "version": "9.15.3.26"
              },
              {
                "status": "affected",
                "version": "9.15.8.12"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20090",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:49:25.857316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:15:43.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco RoomOS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco TelePresence Endpoint Software (TC/CE)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "CE9.10.2"
            },
            {
              "status": "affected",
              "version": "CE9.1.4"
            },
            {
              "status": "affected",
              "version": "CE9.9.3"
            },
            {
              "status": "affected",
              "version": "CE9.10.3"
            },
            {
              "status": "affected",
              "version": "CE9.1.5"
            },
            {
              "status": "affected",
              "version": "CE9.2.4"
            },
            {
              "status": "affected",
              "version": "CE9.10.1"
            },
            {
              "status": "affected",
              "version": "CE9.13.0"
            },
            {
              "status": "affected",
              "version": "CE9.1.2"
            },
            {
              "status": "affected",
              "version": "CE9.1.1"
            },
            {
              "status": "affected",
              "version": "CE9.9.4"
            },
            {
              "status": "affected",
              "version": "CE9.2.1"
            },
            {
              "status": "affected",
              "version": "CE9.1.3"
            },
            {
              "status": "affected",
              "version": "CE9.0.1"
            },
            {
              "status": "affected",
              "version": "CE9.1.6"
            },
            {
              "status": "affected",
              "version": "CE9.12.4"
            },
            {
              "status": "affected",
              "version": "CE9.2.2"
            },
            {
              "status": "affected",
              "version": "CE9.12.3"
            },
            {
              "status": "affected",
              "version": "CE9.2.3"
            },
            {
              "status": "affected",
              "version": "CE9.13.1"
            },
            {
              "status": "affected",
              "version": "CE9.14.3"
            },
            {
              "status": "affected",
              "version": "CE9.14.4"
            },
            {
              "status": "affected",
              "version": "CE9.13.2"
            },
            {
              "status": "affected",
              "version": "CE9.12.5"
            },
            {
              "status": "affected",
              "version": "CE9.14.5"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.10"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.11"
            },
            {
              "status": "affected",
              "version": "CE9.13.3"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.13"
            },
            {
              "status": "affected",
              "version": "CE9.14.6"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.17"
            },
            {
              "status": "affected",
              "version": "CE9.14.7"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.19"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.19"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.18"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.22"
            },
            {
              "status": "affected",
              "version": "CE9.15.8.12"
            },
            {
              "status": "affected",
              "version": "CE9.15.10.8"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.26"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.25"
            },
            {
              "status": "affected",
              "version": "CE9.15.13.0"
            },
            {
              "status": "affected",
              "version": "CE9.15.15.4"
            },
            {
              "status": "affected",
              "version": "CE9.15.16.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r\nThis vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "Path Traversal: \u0027dir/../../filename\u0027",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T15:19:09.891Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-roomos-file-write-rHKwegKf",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
        }
      ],
      "source": {
        "advisory": "cisco-sa-roomos-file-write-rHKwegKf",
        "defects": [
          "CSCwc85883"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20090",
    "datePublished": "2024-11-15T15:19:09.891Z",
    "dateReserved": "2022-10-27T18:47:50.335Z",
    "dateUpdated": "2024-11-15T17:15:43.778Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2023-03250

CVE-2023-20090 (GCVE-0-2023-20090)

Tags

Sightings

Nomenclature