ID

VAR-202301-0985


CVE

CVE-2023-20008


TITLE

Cisco TelePresence CE  and  RoomOS Software  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002208

DESCRIPTION

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. Cisco TelePresence CE and RoomOS Software Exists in unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-20008 // JVNDB: JVNDB-2023-002208 // VULHUB: VHN-444775 // VULMON: CVE-2023-20008

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.10.2

Trust: 1.0

vendor:ciscomodel:roomosscope:eqversion:10.3.2.0

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:8.1.1

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:8.3.2

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.12.4

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.14.6

Trust: 1.0

vendor:ciscomodel:telepresence tcscope:eqversion:7.3.21

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.1.1

Trust: 1.0

vendor:ciscomodel:roomosscope:eqversion:10.3.4.0

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.1.3

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:8.3.3

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.1.5

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.15.3.25

Trust: 1.0

vendor:ciscomodel:telepresence tcscope:eqversion:7.3.13

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:8.1.0

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.12.5

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.9.4

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.1.2

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.15.8.12

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.9.3

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.2.3

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.13.3

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:8.2.1

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.2.2

Trust: 1.0

vendor:ciscomodel:roomosscope:eqversion:10.15.3.0

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.10.3

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:8.3.6

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.2.4

Trust: 1.0

vendor:ciscomodel:telepresence tcscope:eqversion:7.3.9

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.12.3

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.15.13.0

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.1.4

Trust: 1.0

vendor:ciscomodel:roomosscope:eqversion:10.11.3.0

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.13.2

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:8.0.1

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.10.1

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.14.5

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.15.10.8

Trust: 1.0

vendor:ciscomodel:telepresence tcscope:eqversion:7.3.7

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:8.2.2

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:8.2.0

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.0.1

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.2.1

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.15.0.10

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.14.4

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.1.6

Trust: 1.0

vendor:ciscomodel:roomosscope:eqversion:10.8.2.5

Trust: 1.0

vendor:ciscomodel:telepresence tcscope:eqversion:7.3.5

Trust: 1.0

vendor:ciscomodel:roomosscope:eqversion:10.8.4.0

Trust: 1.0

vendor:ciscomodel:telepresence tcscope:eqversion:7.3.6

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.15.0.11

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:8.3.5

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.13.1

Trust: 1.0

vendor:ciscomodel:roomosscope:eqversion:10.11.5.2

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.14.3

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:8.0.0

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.13.0

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:9.15.3.26

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:8.3.1

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:eqversion:8.3.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco telepresence collaboration endpointscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco telepresence tc ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco roomosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002208 // NVD: CVE-2023-20008

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20008
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20008
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-20008
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-967
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-20008
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20008
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-20008
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002208 // CNNVD: CNNVD-202301-967 // NVD: CVE-2023-20008 // NVD: CVE-2023-20008

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002208 // NVD: CVE-2023-20008

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202301-967

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-967

PATCH

title:cisco-sa-roomos-dkjGFgRKurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK

Trust: 0.8

title:Cisco TelePresence Collaboration Endpoint Software Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=222285

Trust: 0.6

title:Cisco: Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-roomos-dkjGFgRK

Trust: 0.1

sources: VULMON: CVE-2023-20008 // JVNDB: JVNDB-2023-002208 // CNNVD: CNNVD-202301-967

EXTERNAL IDS

db:NVDid:CVE-2023-20008

Trust: 3.4

db:JVNDBid:JVNDB-2023-002208

Trust: 0.8

db:AUSCERTid:ESB-2023.0175

Trust: 0.6

db:CNNVDid:CNNVD-202301-967

Trust: 0.6

db:VULHUBid:VHN-444775

Trust: 0.1

db:VULMONid:CVE-2023-20008

Trust: 0.1

sources: VULHUB: VHN-444775 // VULMON: CVE-2023-20008 // JVNDB: JVNDB-2023-002208 // CNNVD: CNNVD-202301-967 // NVD: CVE-2023-20008

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-roomos-dkjgfgrk

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2023-20008

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-20008/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0175

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-444775 // VULMON: CVE-2023-20008 // JVNDB: JVNDB-2023-002208 // CNNVD: CNNVD-202301-967 // NVD: CVE-2023-20008

SOURCES

db:VULHUBid:VHN-444775
db:VULMONid:CVE-2023-20008
db:JVNDBid:JVNDB-2023-002208
db:CNNVDid:CNNVD-202301-967
db:NVDid:CVE-2023-20008

LAST UPDATE DATE

2024-08-14T14:24:19.449000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-444775date:2023-01-26T00:00:00
db:VULMONid:CVE-2023-20008date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002208date:2023-06-23T07:54:00
db:CNNVDid:CNNVD-202301-967date:2023-01-28T00:00:00
db:NVDid:CVE-2023-20008date:2024-01-25T17:15:24.283

SOURCES RELEASE DATE

db:VULHUBid:VHN-444775date:2023-01-20T00:00:00
db:VULMONid:CVE-2023-20008date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002208date:2023-06-23T00:00:00
db:CNNVDid:CNNVD-202301-967date:2023-01-12T00:00:00
db:NVDid:CVE-2023-20008date:2023-01-20T07:15:13.057