CVE-2023-20090

Path Traversal: 'dir/../../filename' (CWE-27)

Published: Nov 15, 2024 / Updated: 4d ago

CVSS 6.7 / EPSS 0.04% / Medium

A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2023-20090.

Apr 19, 2023 at 4:07 PM / sec.cloudapps.cisco.com

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 15, 2024 at 3:44 PM

CVE Assignment

NVD published the first details for CVE-2023-20090

Nov 15, 2024 at 4:15 PM

CVSS

A CVSS base score of 6.7 has been assigned.

Nov 15, 2024 at 4:21 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 10.2%)

Nov 18, 2024 at 5:15 PM

Affected Systems

Cisco/telepresence_ce

News

Medium - CVE-2023-20090 - A vulnerability in Cisco TelePresence CE and...
A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access...
CVE-2023-20090
A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability
Cisco - MEDIUM - CVE-2023-20090 A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Cisco TelePresence CE and RoomOS Privilege Escalation (cisco-s... | Tenable®
According to its self-reported version, the Cisco TelePresence Collaboration Endpoint software is affected by a privilege escalation vulnerability ...
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint and RoomOS
The vulnerability exists due to improper access control on certain CLI commands, which leads to security restrictions bypass and privilege escalation. The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
