ID

VAR-202301-0986


CVE

CVE-2023-20002


TITLE

Server-side request forgery vulnerability in Cisco TelePresence CE and RoomOS Software

Trust: 0.8

sources: JVNDB: JVNDB-2023-002209

DESCRIPTION

A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system. Cisco TelePresence CE and RoomOS Software contain a server-side request forgery vulnerability. Information may be obtained and information may be tampered with.

Trust: 1.8

sources: NVD: CVE-2023-20002 // JVNDB: JVNDB-2023-002209 // VULHUB: VHN-444766 // VULMON: CVE-2023-20002

AFFECTED PRODUCTS

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.10.2

Trust: 1.0

vendor: cisco, model: roomos, scope: eq, version: 10.3.2.0

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 8.1.1

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.12.4

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.14.6

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.1.1

Trust: 1.0

vendor: cisco, model: roomos, scope: eq, version: 10.3.4.0

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.1.3

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.1.5

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.15.3.25

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.12.5

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.9.4

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.1.2

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.9.3

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.2.3

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.13.3

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.2.2

Trust: 1.0

vendor: cisco, model: roomos, scope: eq, version: 10.15.3.0

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.10.3

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.2.4

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.12.3

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.1.4

Trust: 1.0

vendor: cisco, model: roomos, scope: eq, version: 10.11.3.0

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.13.2

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.10.1

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.14.5

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.15.10.8

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.2.1

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.15.0.10

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.0.1

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.14.4

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.1.6

Trust: 1.0

vendor: cisco, model: roomos, scope: eq, version: 10.8.2.5

Trust: 1.0

vendor: cisco, model: roomos, scope: eq, version: 10.8.4.0

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.15.0.11

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 8.3.5

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.13.1

Trust: 1.0

vendor: cisco, model: roomos, scope: eq, version: 10.11.5.2

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.14.3

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.13.0

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 9.15.3.26

Trust: 1.0

vendor: cisco, model: telepresence collaboration endpoint, scope: eq, version: 8.3.0

Trust: 1.0

vendor: Cisco Systems, model: cisco telepresence collaboration endpoint, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco roomos, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002209 // NVD: CVE-2023-20002

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20002
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20002
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2023-002209
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202301-968
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2023-20002
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 2.5
version: 3.1

Trust: 2.0

OTHER: JVNDB-2023-002209
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002209 // CNNVD: CNNVD-202301-968 // NVD: CVE-2023-20002 // NVD: CVE-2023-20002

PROBLEMTYPE DATA

problemtype:CWE-918

Trust: 1.1

problemtype: Server-side request forgery (CWE-918) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-444766 // JVNDB: JVNDB-2023-002209 // NVD: CVE-2023-20002

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202301-968

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202301-968

PATCH

title: cisco-sa-roomos-dkjGFgRK
url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK

Trust: 0.8

title: Cisco TelePresence Collaboration Endpoint Software Fixes for code issue vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=222286

Trust: 0.6

title: Cisco: Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-roomos-dkjGFgRK

Trust: 0.1

sources: VULMON: CVE-2023-20002 // JVNDB: JVNDB-2023-002209 // CNNVD: CNNVD-202301-968

EXTERNAL IDS

db: NVD, id: CVE-2023-20002

Trust: 3.4

db: JVNDB, id: JVNDB-2023-002209

Trust: 0.8

db: AUSCERT, id: ESB-2023.0175

Trust: 0.6

db: CNNVD, id: CNNVD-202301-968

Trust: 0.6

db: VULHUB, id: VHN-444766

Trust: 0.1

db: VULMON, id: CVE-2023-20002

Trust: 0.1

sources: VULHUB: VHN-444766 // VULMON: CVE-2023-20002 // JVNDB: JVNDB-2023-002209 // CNNVD: CNNVD-202301-968 // NVD: CVE-2023-20002

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-roomos-dkjgfgrk

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2023-20002

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.0175

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-20002/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-444766 // VULMON: CVE-2023-20002 // JVNDB: JVNDB-2023-002209 // CNNVD: CNNVD-202301-968 // NVD: CVE-2023-20002

SOURCES

db: VULHUB, id: VHN-444766
db: VULMON, id: CVE-2023-20002
db: JVNDB, id: JVNDB-2023-002209
db: CNNVD, id: CNNVD-202301-968
db: NVD, id: CVE-2023-20002

LAST UPDATE DATE

2024-08-14T14:24:19.416000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-444766, date: 2023-01-26T00:00:00
db: VULMON, id: CVE-2023-20002, date: 2023-01-20T00:00:00
db: JVNDB, id: JVNDB-2023-002209, date: 2023-06-23T07:57:00
db: CNNVD, id: CNNVD-202301-968, date: 2023-01-28T00:00:00
db: NVD, id: CVE-2023-20002, date: 2024-01-25T17:15:23.817

SOURCES RELEASE DATE

db: VULHUB, id: VHN-444766, date: 2023-01-20T00:00:00
db: VULMON, id: CVE-2023-20002, date: 2023-01-20T00:00:00
db: JVNDB, id: JVNDB-2023-002209, date: 2023-06-23T00:00:00
db: CNNVD, id: CNNVD-202301-968, date: 2023-01-12T00:00:00
db: NVD, id: CVE-2023-20002, date: 2023-01-20T07:15:12.450