Details of VAR-202301-0985

ID

VAR-202301-0985

CVE

CVE-2023-20008

TITLE

Cisco TelePresence CE and RoomOS Software Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002208

DESCRIPTION

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. Cisco TelePresence CE and RoomOS Software Exists in unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-20008 // JVNDB: JVNDB-2023-002208 // VULHUB: VHN-444775 // VULMON: CVE-2023-20008

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.10.2	Trust: 1.0
vendor:	cisco	model:	roomos	scope:	eq	version:	10.3.2.0	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.3.2	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.12.4	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.14.6	Trust: 1.0
vendor:	cisco	model:	telepresence tc	scope:	eq	version:	7.3.21	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.1.1	Trust: 1.0
vendor:	cisco	model:	roomos	scope:	eq	version:	10.3.4.0	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.1.3	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.3.3	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.1.5	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.15.3.25	Trust: 1.0
vendor:	cisco	model:	telepresence tc	scope:	eq	version:	7.3.13	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.12.5	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.9.4	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.1.2	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.15.8.12	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.9.3	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.2.3	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.13.3	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.2.2	Trust: 1.0
vendor:	cisco	model:	roomos	scope:	eq	version:	10.15.3.0	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.10.3	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.3.6	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.2.4	Trust: 1.0
vendor:	cisco	model:	telepresence tc	scope:	eq	version:	7.3.9	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.12.3	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.15.13.0	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.1.4	Trust: 1.0
vendor:	cisco	model:	roomos	scope:	eq	version:	10.11.3.0	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.13.2	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.0.1	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.10.1	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.14.5	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.15.10.8	Trust: 1.0
vendor:	cisco	model:	telepresence tc	scope:	eq	version:	7.3.7	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.2.2	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.0.1	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.2.1	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.15.0.10	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.14.4	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.1.6	Trust: 1.0
vendor:	cisco	model:	roomos	scope:	eq	version:	10.8.2.5	Trust: 1.0
vendor:	cisco	model:	telepresence tc	scope:	eq	version:	7.3.5	Trust: 1.0
vendor:	cisco	model:	roomos	scope:	eq	version:	10.8.4.0	Trust: 1.0
vendor:	cisco	model:	telepresence tc	scope:	eq	version:	7.3.6	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.15.0.11	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.3.5	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.13.1	Trust: 1.0
vendor:	cisco	model:	roomos	scope:	eq	version:	10.11.5.2	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.14.3	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.13.0	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.15.3.26	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.3.1	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.3.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco telepresence collaboration endpoint	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco telepresence tc ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco roomos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-002208 // NVD: CVE-2023-20008

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-20008
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2023-20008
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-20008
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202301-967
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-20008
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2023-20008
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2023-20008
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-002208 // CNNVD: CNNVD-202301-967 // NVD: CVE-2023-20008 // NVD: CVE-2023-20008

PROBLEMTYPE DATA

problemtype:	CWE-59	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002208 // NVD: CVE-2023-20008

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202301-967

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-967

PATCH

title:	cisco-sa-roomos-dkjGFgRK	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK	Trust: 0.8
title:	Cisco TelePresence Collaboration Endpoint Software Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=222285	Trust: 0.6
title:	Cisco: Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-roomos-dkjGFgRK	Trust: 0.1

sources: VULMON: CVE-2023-20008 // JVNDB: JVNDB-2023-002208 // CNNVD: CNNVD-202301-967

EXTERNAL IDS

db:	NVD	id:	CVE-2023-20008	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-002208	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.0175	Trust: 0.6
db:	CNNVD	id:	CNNVD-202301-967	Trust: 0.6
db:	VULHUB	id:	VHN-444775	Trust: 0.1
db:	VULMON	id:	CVE-2023-20008	Trust: 0.1

sources: VULHUB: VHN-444775 // VULMON: CVE-2023-20008 // JVNDB: JVNDB-2023-002208 // CNNVD: CNNVD-202301-967 // NVD: CVE-2023-20008

REFERENCES

url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-roomos-dkjgfgrk	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2023-20008	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-20008/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0175	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-444775 // VULMON: CVE-2023-20008 // JVNDB: JVNDB-2023-002208 // CNNVD: CNNVD-202301-967 // NVD: CVE-2023-20008

SOURCES

db:	VULHUB	id:	VHN-444775
db:	VULMON	id:	CVE-2023-20008
db:	JVNDB	id:	JVNDB-2023-002208
db:	CNNVD	id:	CNNVD-202301-967
db:	NVD	id:	CVE-2023-20008

LAST UPDATE DATE

2024-08-14T14:24:19.449000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-444775	date:	2023-01-26T00:00:00
db:	VULMON	id:	CVE-2023-20008	date:	2023-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2023-002208	date:	2023-06-23T07:54:00
db:	CNNVD	id:	CNNVD-202301-967	date:	2023-01-28T00:00:00
db:	NVD	id:	CVE-2023-20008	date:	2024-01-25T17:15:24.283

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-444775	date:	2023-01-20T00:00:00
db:	VULMON	id:	CVE-2023-20008	date:	2023-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2023-002208	date:	2023-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202301-967	date:	2023-01-12T00:00:00
db:	NVD	id:	CVE-2023-20008	date:	2023-01-20T07:15:13.057