Search

Find a vulnerability

Search criteria

    62 vulnerabilities found for telepresence_collaboration_endpoint by cisco

    CVE-2025-20329 (GCVE-0-2025-20329)

    Vulnerability from nvd – Published: 2025-10-15 16:14 – Updated: 2025-10-15 17:42
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
    Summary
    A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: RoomOS 10.11.2.2
    Affected: RoomOS 10.15.2.2
    Affected: RoomOS 11.5.4.6
    Affected: RoomOS 11.5.2.4
    Affected: RoomOS 10.8.2.5
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.15.5.3
    Affected: RoomOS 10.19.2.2
    Affected: RoomOS 11.1.3.1
    Affected: RoomOS 10.11.6.0
    Affected: RoomOS 10.19.3.0
    Affected: RoomOS 10.19.4.2
    Affected: RoomOS 10.3.2.4
    Affected: RoomOS 10.3.4.0
    Affected: RoomOS 10.15.3.0
    Affected: RoomOS 11.1.4.1
    Affected: RoomOS 11.14.2.3
    Affected: RoomOS 11.1.2.4
    Affected: RoomOS 10.8.3.1
    Affected: RoomOS 11.14.2.1
    Affected: RoomOS 10.3.3.0
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.15.4.1
    Affected: RoomOS 10.19.5.6
    Affected: RoomOS 10.11.4.1
    Affected: RoomOS 11.9.3.1
    Affected: RoomOS 11.5.3.3
    Affected: RoomOS 10.3.2.0
    Affected: RoomOS 11.9.2.4
    Affected: RoomOS 11.14.3.0
    Affected: RoomOS 11.17.2.2
    Affected: RoomOS 11.14.4.0
    Affected: RoomOS 10.19 StepUpg
    Affected: RoomOS 11.17.3.0
    Affected: RoomOS 11.20.2.3
    Affected: RoomOS 11.14.5.0
    Affected: RoomOS 11.17.4.0
    Affected: RoomOS 11.20.3.0
    Affected: RoomOS 11.23.1.6
    Affected: RoomOS 11.23.1.8
    Affected: RoomOS 11.24.1.5
    Affected: RoomOS 11.24.2.4
    Affected: RoomOS 11.24.3.0
    Affected: RoomOS 11.24.4.1
    Affected: RoomOS 11.27.2.0
    Affected: RoomOS 11.28.1.3
    Affected: RoomOS 11.27.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20329",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T17:42:38.688864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-15T17:42:48.088Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.4.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.2.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.5.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.6.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.4.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.5.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.3.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19 StepUpg"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.8"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.28.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative\u0026nbsp;credentials.\r\n\r\nThis vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII).\r\nNote: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T16:14:59.904Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-inf-disc-qGgsbxAm",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-inf-disc-qGgsbxAm"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-inf-disc-qGgsbxAm",
            "defects": [
              "CSCwp08812"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20329",
        "datePublished": "2025-10-15T16:14:59.904Z",
        "dateReserved": "2024-10-10T19:15:13.254Z",
        "dateUpdated": "2025-10-15T17:42:48.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20094 (GCVE-0-2023-20094)

    Vulnerability from nvd – Published: 2024-11-15 15:08 – Updated: 2024-11-15 15:43
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
    Summary
    A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device. This vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information. Note: This vulnerability only affects Cisco Webex Desk Hub. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20094",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T15:43:09.416209Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:43:30.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device.\r\n\r\nThis vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information.\r\nNote: This vulnerability only affects Cisco Webex Desk Hub.\r\nThere are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T15:08:14.206Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-file-write-rHKwegKf",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-file-write-rHKwegKf",
            "defects": [
              "CSCwb86296"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20094",
        "datePublished": "2024-11-15T15:08:04.290Z",
        "dateReserved": "2022-10-27T18:47:50.336Z",
        "dateUpdated": "2024-11-15T15:43:30.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20091 (GCVE-0-2023-20091)

    Vulnerability from nvd – Published: 2024-11-15 15:15 – Updated: 2024-11-15 17:48
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Overwrite Vulnerability
    Summary
    A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit this vulnerability, an attacker would need to have a remote support user account. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-61 - UNIX Symbolic Link (Symlink) Following
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.10.2
    Affected: CE9.1.4
    Affected: CE9.9.3
    Affected: CE9.10.3
    Affected: CE9.1.5
    Affected: CE9.2.4
    Affected: CE9.10.1
    Affected: CE9.13.0
    Affected: CE9.1.2
    Affected: CE9.1.1
    Affected: CE9.9.4
    Affected: CE9.2.1
    Affected: CE9.1.3
    Affected: CE9.0.1
    Affected: CE9.1.6
    Affected: CE9.12.4
    Affected: CE9.2.2
    Affected: CE9.12.3
    Affected: CE9.2.3
    Affected: CE9.13.1
    Affected: CE9.14.3
    Affected: CE9.14.4
    Affected: CE9.13.2
    Affected: CE9.12.5
    Affected: CE9.14.5
    Affected: CE9.15.0.10
    Affected: CE9.15.0.11
    Affected: CE9.13.3
    Affected: CE9.15.0.13
    Affected: CE9.14.6
    Affected: CE9.15.3.17
    Affected: CE9.14.7
    Affected: CE9.15.0.19
    Affected: CE9.15.3.19
    Affected: CE9.15.3.18
    Affected: CE9.15.3.22
    Affected: CE9.15.8.12
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.13.0
    Affected: CE9.15.15.4
    Affected: CE9.15.16.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20091",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T17:47:56.924902Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T17:48:19.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.13"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.18"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.8.12"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.15.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.16.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThis vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit this vulnerability, an attacker would need to have a remote support user account.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-61",
                  "description": "UNIX Symbolic Link (Symlink) Following",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T15:15:03.615Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-file-write-rHKwegKf",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-file-write-rHKwegKf",
            "defects": [
              "CSCwc71178"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Overwrite Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20091",
        "datePublished": "2024-11-15T15:15:03.615Z",
        "dateReserved": "2022-10-27T18:47:50.336Z",
        "dateUpdated": "2024-11-15T17:48:19.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20090 (GCVE-0-2023-20090)

    Vulnerability from nvd – Published: 2024-11-15 15:19 – Updated: 2024-11-15 17:15
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability
    Summary
    A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-27 - Path Traversal: 'dir/../../filename'
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: N/A
    Create a notification for this product.
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.10.2
    Affected: CE9.1.4
    Affected: CE9.9.3
    Affected: CE9.10.3
    Affected: CE9.1.5
    Affected: CE9.2.4
    Affected: CE9.10.1
    Affected: CE9.13.0
    Affected: CE9.1.2
    Affected: CE9.1.1
    Affected: CE9.9.4
    Affected: CE9.2.1
    Affected: CE9.1.3
    Affected: CE9.0.1
    Affected: CE9.1.6
    Affected: CE9.12.4
    Affected: CE9.2.2
    Affected: CE9.12.3
    Affected: CE9.2.3
    Affected: CE9.13.1
    Affected: CE9.14.3
    Affected: CE9.14.4
    Affected: CE9.13.2
    Affected: CE9.12.5
    Affected: CE9.14.5
    Affected: CE9.15.0.10
    Affected: CE9.15.0.11
    Affected: CE9.13.3
    Affected: CE9.15.0.13
    Affected: CE9.14.6
    Affected: CE9.15.3.17
    Affected: CE9.14.7
    Affected: CE9.15.0.19
    Affected: CE9.15.3.19
    Affected: CE9.15.3.18
    Affected: CE9.15.3.22
    Affected: CE9.15.8.12
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.13.0
    Affected: CE9.15.15.4
    Affected: CE9.15.16.5
    Create a notification for this product.
    cisco telepresence_collaboration_endpoint Affected: 9.0.1
    Affected: 9.10.1
    Affected: 9.10.2
    Affected: 9.10.3
    Affected: 9.1.1
    Affected: 9.1.2
    Affected: 9.12.3
    Affected: 9.12.4
    Affected: 9.12.5
    Affected: 9.1.3
    Affected: 9.13.0
    Affected: 9.13.1
    Affected: 9.13.2
    Affected: 9.13.3
    Affected: 9.1.4
    Affected: 9.14.3
    Affected: 9.14.4
    Affected: 9.14.5
    Affected: 9.14.6
    Affected: 9.1.5
    Affected: 9.15.0.10
    Affected: 9.15.0.11
    Affected: 9.15.13.0
    Affected: 9.15.8.12
    Affected: 9.1.6
    Affected: 9.2.1
    Affected: 9.2.2
    Affected: 9.2.3
    Affected: 9.2.4
    Affected: 9.9.3
    Affected: 9.9.4
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco telepresence_collaboration_endpoint Affected: 9.15.0.19
    Affected: 9.15.10.8
    Affected: 9.15.13.0
    Affected: 9.15.15.4
    Affected: 9.15.16.5
    Affected: 9.15.3.18
    Affected: 9.15.3.19
    Affected: 9.15.3.22
    Affected: 9.15.3.25
    Affected: 9.15.3.26
    Affected: 9.15.8.12
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.15.4:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.16.5:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.18:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.19:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.22:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "telepresence_collaboration_endpoint",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.0.1"
                  },
                  {
                    "status": "affected",
                    "version": "9.10.1"
                  },
                  {
                    "status": "affected",
                    "version": "9.10.2"
                  },
                  {
                    "status": "affected",
                    "version": "9.10.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.1.1"
                  },
                  {
                    "status": "affected",
                    "version": "9.1.2"
                  },
                  {
                    "status": "affected",
                    "version": "9.12.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.12.4"
                  },
                  {
                    "status": "affected",
                    "version": "9.12.5"
                  },
                  {
                    "status": "affected",
                    "version": "9.1.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.13.0"
                  },
                  {
                    "status": "affected",
                    "version": "9.13.1"
                  },
                  {
                    "status": "affected",
                    "version": "9.13.2"
                  },
                  {
                    "status": "affected",
                    "version": "9.13.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.1.4"
                  },
                  {
                    "status": "affected",
                    "version": "9.14.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.14.4"
                  },
                  {
                    "status": "affected",
                    "version": "9.14.5"
                  },
                  {
                    "status": "affected",
                    "version": "9.14.6"
                  },
                  {
                    "status": "affected",
                    "version": "9.1.5"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.0.10"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.0.11"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.13.0"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.8.12"
                  },
                  {
                    "status": "affected",
                    "version": "9.1.6"
                  },
                  {
                    "status": "affected",
                    "version": "9.2.1"
                  },
                  {
                    "status": "affected",
                    "version": "9.2.2"
                  },
                  {
                    "status": "affected",
                    "version": "9.2.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.2.4"
                  },
                  {
                    "status": "affected",
                    "version": "9.9.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.9.4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.19:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.15.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.16.5:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.18:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.19:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.22:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "telepresence_collaboration_endpoint",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.15.0.19"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.10.8"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.13.0"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.15.4"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.16.5"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.3.18"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.3.19"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.3.22"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.3.25"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.3.26"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.8.12"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20090",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T16:49:25.857316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T17:15:43.778Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.13"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.18"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.8.12"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.15.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.16.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r\nThis vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-27",
                  "description": "Path Traversal: \u0027dir/../../filename\u0027",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T15:19:09.891Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-file-write-rHKwegKf",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-file-write-rHKwegKf",
            "defects": [
              "CSCwc85883"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20090",
        "datePublished": "2024-11-15T15:19:09.891Z",
        "dateReserved": "2022-10-27T18:47:50.335Z",
        "dateUpdated": "2024-11-15T17:15:43.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20004 (GCVE-0-2023-20004)

    Vulnerability from nvd – Published: 2024-11-15 15:23 – Updated: 2024-11-15 15:37
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write Vulnerability
    Summary
    Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account. Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: N/A
    Create a notification for this product.
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.10.2
    Affected: CE9.1.4
    Affected: CE9.9.3
    Affected: CE9.10.3
    Affected: CE9.1.5
    Affected: CE9.2.4
    Affected: CE9.10.1
    Affected: CE9.13.0
    Affected: CE9.1.2
    Affected: CE9.1.1
    Affected: CE9.9.4
    Affected: CE9.2.1
    Affected: CE9.1.3
    Affected: CE9.0.1
    Affected: CE9.1.6
    Affected: CE9.12.4
    Affected: CE9.2.2
    Affected: CE9.12.3
    Affected: CE9.2.3
    Affected: CE9.13.1
    Affected: CE9.14.3
    Affected: CE9.14.4
    Affected: CE9.13.2
    Affected: CE9.12.5
    Affected: CE9.14.5
    Affected: CE9.15.0.10
    Affected: CE9.15.0.11
    Affected: CE9.13.3
    Affected: CE9.15.0.13
    Affected: CE9.14.6
    Affected: CE9.15.3.17
    Affected: CE9.14.7
    Affected: CE9.15.0.19
    Affected: CE9.15.3.19
    Affected: CE9.15.3.18
    Affected: CE9.15.3.22
    Affected: CE9.15.8.12
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.13.0
    Affected: CE9.15.15.4
    Affected: CE9.15.16.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20004",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T15:37:09.280084Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:37:26.021Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.13"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.18"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.8.12"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.15.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.16.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThese vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.\r\nNote: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T15:23:29.140Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-file-write-rHKwegKf",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-file-write-rHKwegKf",
            "defects": [
              "CSCwc47206"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20004",
        "datePublished": "2024-11-15T15:23:29.140Z",
        "dateReserved": "2022-10-27T18:47:50.305Z",
        "dateUpdated": "2024-11-15T15:37:26.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20931 (GCVE-0-2022-20931)

    Vulnerability from nvd – Published: 2024-11-15 15:30 – Updated: 2024-11-15 15:47
    VLAI
    Title
    Cisco Touch 10 Device Downgrade Attack Vulnerability
    Summary
    A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could exploit this vulnerability by installing an older version of Cisco TelePresence CE Software on an affected device. A successful exploit could allow the attacker to take advantage of vulnerabilities in older versions of the software.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-527 - Exposure of Version-Control Repository to an Unauthorized Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.10.2
    Affected: CE9.1.4
    Affected: CE9.9.3
    Affected: CE9.10.3
    Affected: CE9.1.5
    Affected: CE9.2.4
    Affected: CE9.10.1
    Affected: CE9.13.0
    Affected: CE9.1.2
    Affected: CE9.1.1
    Affected: CE9.9.4
    Affected: CE9.2.1
    Affected: CE9.1.3
    Affected: CE9.0.1
    Affected: CE9.1.6
    Affected: CE9.12.4
    Affected: CE9.2.2
    Affected: CE9.12.3
    Affected: CE9.2.3
    Affected: CE9.13.1
    Affected: CE9.14.3
    Affected: CE9.14.4
    Affected: CE9.13.2
    Affected: CE9.12.5
    Affected: CE9.14.5
    Affected: CE9.15.0.10
    Affected: CE9.15.0.11
    Affected: CE9.13.3
    Affected: CE9.15.0.13
    Affected: CE9.14.6
    Affected: CE9.15.3.17
    Affected: CE9.14.7
    Affected: CE9.15.0.19
    Affected: CE9.15.3.19
    Affected: CE9.15.3.18
    Affected: CE9.15.3.22
    Affected: CE9.15.8.12
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.13.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20931",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T15:47:05.719923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:47:25.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.13"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.18"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.8.12"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.13.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the version control of Cisco\u0026nbsp;TelePresence CE Software for Cisco\u0026nbsp;Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device.\r\nThis vulnerability is due to insufficient version control. An attacker could exploit this vulnerability by installing an older version of Cisco\u0026nbsp;TelePresence CE Software on an affected device. A successful exploit could allow the attacker to take advantage of vulnerabilities in older versions of the software.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-527",
                  "description": "Exposure of Version-Control Repository to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T15:30:29.164Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-CTT-DAV-HSvEHHEt",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-DAV-HSvEHHEt"
            }
          ],
          "source": {
            "advisory": "cisco-sa-CTT-DAV-HSvEHHEt",
            "defects": [
              "CSCvw12012"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Touch 10 Device Downgrade Attack Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20931",
        "datePublished": "2024-11-15T15:30:29.164Z",
        "dateReserved": "2021-11-02T13:28:29.192Z",
        "dateUpdated": "2024-11-15T15:47:25.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20793 (GCVE-0-2022-20793)

    Vulnerability from nvd – Published: 2024-11-15 15:34 – Updated: 2024-11-15 21:12
    VLAI
    Title
    Cisco Touch 10 Device Insufficient Identity Verification Vulnerability
    Summary
    A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-325 - Missing Required Cryptographic Step
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: N/A
    Create a notification for this product.
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.10.2
    Affected: CE9.1.4
    Affected: CE9.10.3
    Affected: CE9.1.5
    Affected: CE9.10.1
    Affected: CE9.13.0
    Affected: CE9.1.1
    Affected: CE9.9.4
    Affected: CE9.2.1
    Affected: CE9.1.3
    Affected: CE9.1.6
    Affected: CE9.12.3
    Affected: CE9.13.1
    Affected: CE9.12.4
    Affected: CE9.14.3
    Affected: CE9.14.4
    Affected: CE9.13.2
    Affected: CE9.12.5
    Affected: CE9.14.5
    Affected: CE9.15.0.10
    Affected: CE9.15.0.11
    Affected: CE9.13.3
    Affected: CE9.15.0.13
    Affected: CE9.14.6
    Affected: CE9.15.3.17
    Affected: CE9.14.7
    Affected: CE9.15.0.19
    Affected: CE9.15.3.19
    Affected: CE9.15.3.18
    Affected: CE9.0.1
    Affected: CE9.2.2
    Affected: CE9.1.2
    Affected: CE9.9.3
    Affected: CE9.2.4
    Affected: CE9.2.3
    Affected: CE9.15.3.22
    Affected: CE9.15.8.12
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.13.0
    Create a notification for this product.
    cisco roomos Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco telepresence_tc_software Affected: 0 , < * (custom)
        cpe:2.3:a:cisco:telepresence_tc_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco telepresence_ce_software Affected: 0 , < * (custom)
        cpe:2.3:a:cisco:telepresence_ce_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "roomos",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:telepresence_tc_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "telepresence_tc_software",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:telepresence_ce_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "telepresence_ce_software",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T21:07:36.103341Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T21:12:23.388Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.13"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.18"
                },
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.8.12"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.13.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in pairing process of Cisco\u0026nbsp;TelePresence CE Software and RoomOS Software for Cisco\u0026nbsp;Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device.\r\nThis vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-325",
                  "description": "Missing Required Cryptographic Step",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T15:34:33.919Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-CTT-IVV-4A66Dsfj",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj"
            }
          ],
          "source": {
            "advisory": "cisco-sa-CTT-IVV-4A66Dsfj",
            "defects": [
              "CSCvw08723"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Touch 10 Device Insufficient Identity Verification Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20793",
        "datePublished": "2024-11-15T15:34:33.919Z",
        "dateReserved": "2021-11-02T13:28:29.168Z",
        "dateUpdated": "2024-11-15T21:12:23.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20008 (GCVE-0-2023-20008)

    Vulnerability from nvd – Published: 2023-01-19 01:41 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: RoomOS 10.3.2.0
    Affected: RoomOS 10.3.4.0
    Affected: RoomOS 10.8.2.5
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.15.3.0
    Create a notification for this product.
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.0.1
    Affected: CE9.1.1
    Affected: CE9.1.2
    Affected: CE9.1.3
    Affected: CE9.1.4
    Affected: CE9.1.5
    Affected: CE9.1.6
    Affected: CE9.10.1
    Affected: CE9.10.2
    Affected: CE9.10.3
    Affected: CE9.12.4
    Affected: CE9.12.5
    Affected: CE9.12.3
    Affected: CE9.13.0
    Affected: CE9.13.1
    Affected: CE9.13.3
    Affected: CE9.13.2
    Affected: CE9.2.1
    Affected: CE9.2.2
    Affected: CE9.2.3
    Affected: CE9.2.4
    Affected: CE9.9.3
    Affected: CE9.9.4
    Affected: CE9.14.3
    Affected: CE9.14.5
    Affected: CE9.14.4
    Affected: CE9.14.6
    Affected: CE9.14.7
    Affected: CE9.15.0.11
    Affected: CE9.15.0.10
    Affected: CE9.15.8.12
    Affected: CE9.15.13.0
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.3.17
    Affected: CE9.15.3.22
    Affected: CE9.15.0.19
    Affected: TC7.3.21
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.15.3.0
    Affected: 9.15.3.25
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-roomos-dkjGFgRK",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.2.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                }
              ]
            },
            {
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.8.12"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "TC7.3.21"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                },
                {
                  "status": "affected",
                  "version": "9.15.3.25"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device.\r\n\r This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:30.027Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-dkjGFgRK",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-dkjGFgRK",
            "defects": [
              "CSCwc47201"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20008",
        "datePublished": "2023-01-19T01:41:03.629Z",
        "dateReserved": "2022-10-27T18:47:50.307Z",
        "dateUpdated": "2024-08-02T08:57:35.552Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20002 (GCVE-0-2023-20002)

    Vulnerability from nvd – Published: 2023-01-19 01:40 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: RoomOS 10.3.2.0
    Affected: RoomOS 10.3.4.0
    Affected: RoomOS 10.8.2.5
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.15.3.0
    Create a notification for this product.
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.0.1
    Affected: CE9.1.1
    Affected: CE9.1.2
    Affected: CE9.1.3
    Affected: CE9.1.4
    Affected: CE9.1.5
    Affected: CE9.1.6
    Affected: CE9.10.1
    Affected: CE9.10.2
    Affected: CE9.10.3
    Affected: CE9.12.4
    Affected: CE9.12.5
    Affected: CE9.12.3
    Affected: CE9.13.0
    Affected: CE9.13.1
    Affected: CE9.13.3
    Affected: CE9.13.2
    Affected: CE9.2.1
    Affected: CE9.2.2
    Affected: CE9.2.3
    Affected: CE9.2.4
    Affected: CE9.9.3
    Affected: CE9.9.4
    Affected: CE9.14.3
    Affected: CE9.14.5
    Affected: CE9.14.4
    Affected: CE9.14.6
    Affected: CE9.14.7
    Affected: CE9.15.0.11
    Affected: CE9.15.0.10
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.3.17
    Affected: CE9.15.3.22
    Affected: CE9.15.0.19
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.15.3.0
    Affected: 9.15.3.25
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.143Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-roomos-dkjGFgRK",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.2.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                }
              ]
            },
            {
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                },
                {
                  "status": "affected",
                  "version": "9.15.3.25"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:28.759Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-dkjGFgRK",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-dkjGFgRK",
            "defects": [
              "CSCwc85914"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20002",
        "datePublished": "2023-01-19T01:40:44.838Z",
        "dateReserved": "2022-10-27T18:47:50.305Z",
        "dateUpdated": "2024-08-02T08:57:35.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20955 (GCVE-0-2022-20955)

    Vulnerability from nvd – Published: 2022-10-26 14:01 – Updated: 2024-10-25 16:05
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
    Summary
    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20955",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:36:57.942858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T16:05:25.921Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-26T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-trav-beFvCcyu",
            "defect": [
              [
                "CSCwb29733",
                "CSCwc21962",
                "CSCwc47215",
                "CSCwc47220",
                "CSCwc47228"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20955",
        "datePublished": "2022-10-26T14:01:04.676Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-10-25T16:05:25.921Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20954 (GCVE-0-2022-20954)

    Vulnerability from nvd – Published: 2022-10-26 14:00 – Updated: 2024-10-25 16:05
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
    Summary
    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:58.919Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20954",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:36:59.314682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T16:05:33.495Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-26T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-trav-beFvCcyu",
            "defect": [
              [
                "CSCwb29733",
                "CSCwc21962",
                "CSCwc47215",
                "CSCwc47220",
                "CSCwc47228"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20954",
        "datePublished": "2022-10-26T14:00:54.656Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-10-25T16:05:33.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20953 (GCVE-0-2022-20953)

    Vulnerability from nvd – Published: 2022-10-26 14:00 – Updated: 2024-10-25 16:05
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
    Summary
    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:37:00.694014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T16:05:40.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-26T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-trav-beFvCcyu",
            "defect": [
              [
                "CSCwb29733",
                "CSCwc21962",
                "CSCwc47215",
                "CSCwc47220",
                "CSCwc47228"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20953",
        "datePublished": "2022-10-26T14:00:44.967Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-10-25T16:05:40.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20811 (GCVE-0-2022-20811)

    Vulnerability from nvd – Published: 2022-10-26 14:00 – Updated: 2024-10-25 16:05
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
    Summary
    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.942Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20811",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:37:02.309084Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T16:05:48.346Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-26T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-trav-beFvCcyu",
            "defect": [
              [
                "CSCwb29733",
                "CSCwc21962",
                "CSCwc47215",
                "CSCwc47220",
                "CSCwc47228"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20811",
        "datePublished": "2022-10-26T14:00:20.814Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-10-25T16:05:48.346Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20776 (GCVE-0-2022-20776)

    Vulnerability from nvd – Published: 2022-10-26 14:01 – Updated: 2024-10-25 16:05
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
    Summary
    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:36:56.062350Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T16:05:19.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-26T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-trav-beFvCcyu",
            "defect": [
              [
                "CSCwb29733",
                "CSCwc21962",
                "CSCwc47215",
                "CSCwc47220",
                "CSCwc47228"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20776",
        "datePublished": "2022-10-26T14:01:18.142Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-10-25T16:05:19.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20768 (GCVE-0-2022-20768)

    Vulnerability from nvd – Published: 2022-07-06 20:30 – Updated: 2024-11-01 19:00
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
    Summary
    A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.327Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220706 Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20768",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:41:08.923271Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T19:00:40.779Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-06T20:30:17.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220706 Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-infodisc-YOTz9Ct7",
            "defect": [
              [
                "CSCwa87973"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-06T16:00:00",
              "ID": "CVE-2022-20768",
              "STATE": "PUBLIC",
              "TITLE": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco RoomOS Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "4.9",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-532"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220706 Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-roomos-infodisc-YOTz9Ct7",
              "defect": [
                [
                  "CSCwa87973"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20768",
        "datePublished": "2022-07-06T20:30:17.911Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-01T19:00:40.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20329 (GCVE-0-2025-20329)

    Vulnerability from cvelistv5 – Published: 2025-10-15 16:14 – Updated: 2025-10-15 17:42
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
    Summary
    A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative&nbsp;credentials. This vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: RoomOS 10.11.2.2
    Affected: RoomOS 10.15.2.2
    Affected: RoomOS 11.5.4.6
    Affected: RoomOS 11.5.2.4
    Affected: RoomOS 10.8.2.5
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.15.5.3
    Affected: RoomOS 10.19.2.2
    Affected: RoomOS 11.1.3.1
    Affected: RoomOS 10.11.6.0
    Affected: RoomOS 10.19.3.0
    Affected: RoomOS 10.19.4.2
    Affected: RoomOS 10.3.2.4
    Affected: RoomOS 10.3.4.0
    Affected: RoomOS 10.15.3.0
    Affected: RoomOS 11.1.4.1
    Affected: RoomOS 11.14.2.3
    Affected: RoomOS 11.1.2.4
    Affected: RoomOS 10.8.3.1
    Affected: RoomOS 11.14.2.1
    Affected: RoomOS 10.3.3.0
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.15.4.1
    Affected: RoomOS 10.19.5.6
    Affected: RoomOS 10.11.4.1
    Affected: RoomOS 11.9.3.1
    Affected: RoomOS 11.5.3.3
    Affected: RoomOS 10.3.2.0
    Affected: RoomOS 11.9.2.4
    Affected: RoomOS 11.14.3.0
    Affected: RoomOS 11.17.2.2
    Affected: RoomOS 11.14.4.0
    Affected: RoomOS 10.19 StepUpg
    Affected: RoomOS 11.17.3.0
    Affected: RoomOS 11.20.2.3
    Affected: RoomOS 11.14.5.0
    Affected: RoomOS 11.17.4.0
    Affected: RoomOS 11.20.3.0
    Affected: RoomOS 11.23.1.6
    Affected: RoomOS 11.23.1.8
    Affected: RoomOS 11.24.1.5
    Affected: RoomOS 11.24.2.4
    Affected: RoomOS 11.24.3.0
    Affected: RoomOS 11.24.4.1
    Affected: RoomOS 11.27.2.0
    Affected: RoomOS 11.28.1.3
    Affected: RoomOS 11.27.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20329",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T17:42:38.688864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-15T17:42:48.088Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.4.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.2.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.5.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.6.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.4.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.5.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.3.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19 StepUpg"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.8"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.28.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative\u0026nbsp;credentials.\r\n\r\nThis vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII).\r\nNote: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T16:14:59.904Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-inf-disc-qGgsbxAm",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-inf-disc-qGgsbxAm"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-inf-disc-qGgsbxAm",
            "defects": [
              "CSCwp08812"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20329",
        "datePublished": "2025-10-15T16:14:59.904Z",
        "dateReserved": "2024-10-10T19:15:13.254Z",
        "dateUpdated": "2025-10-15T17:42:48.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20793 (GCVE-0-2022-20793)

    Vulnerability from cvelistv5 – Published: 2024-11-15 15:34 – Updated: 2024-11-15 21:12
    VLAI
    Title
    Cisco Touch 10 Device Insufficient Identity Verification Vulnerability
    Summary
    A vulnerability in pairing process of Cisco&nbsp;TelePresence CE Software and RoomOS Software for Cisco&nbsp;Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-325 - Missing Required Cryptographic Step
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: N/A
    Create a notification for this product.
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.10.2
    Affected: CE9.1.4
    Affected: CE9.10.3
    Affected: CE9.1.5
    Affected: CE9.10.1
    Affected: CE9.13.0
    Affected: CE9.1.1
    Affected: CE9.9.4
    Affected: CE9.2.1
    Affected: CE9.1.3
    Affected: CE9.1.6
    Affected: CE9.12.3
    Affected: CE9.13.1
    Affected: CE9.12.4
    Affected: CE9.14.3
    Affected: CE9.14.4
    Affected: CE9.13.2
    Affected: CE9.12.5
    Affected: CE9.14.5
    Affected: CE9.15.0.10
    Affected: CE9.15.0.11
    Affected: CE9.13.3
    Affected: CE9.15.0.13
    Affected: CE9.14.6
    Affected: CE9.15.3.17
    Affected: CE9.14.7
    Affected: CE9.15.0.19
    Affected: CE9.15.3.19
    Affected: CE9.15.3.18
    Affected: CE9.0.1
    Affected: CE9.2.2
    Affected: CE9.1.2
    Affected: CE9.9.3
    Affected: CE9.2.4
    Affected: CE9.2.3
    Affected: CE9.15.3.22
    Affected: CE9.15.8.12
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.13.0
    Create a notification for this product.
    cisco roomos Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco telepresence_tc_software Affected: 0 , < * (custom)
        cpe:2.3:a:cisco:telepresence_tc_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco telepresence_ce_software Affected: 0 , < * (custom)
        cpe:2.3:a:cisco:telepresence_ce_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "roomos",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:telepresence_tc_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "telepresence_tc_software",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:telepresence_ce_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "telepresence_ce_software",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T21:07:36.103341Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T21:12:23.388Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.13"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.18"
                },
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.8.12"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.13.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in pairing process of Cisco\u0026nbsp;TelePresence CE Software and RoomOS Software for Cisco\u0026nbsp;Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device.\r\nThis vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-325",
                  "description": "Missing Required Cryptographic Step",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T15:34:33.919Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-CTT-IVV-4A66Dsfj",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj"
            }
          ],
          "source": {
            "advisory": "cisco-sa-CTT-IVV-4A66Dsfj",
            "defects": [
              "CSCvw08723"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Touch 10 Device Insufficient Identity Verification Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20793",
        "datePublished": "2024-11-15T15:34:33.919Z",
        "dateReserved": "2021-11-02T13:28:29.168Z",
        "dateUpdated": "2024-11-15T21:12:23.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20931 (GCVE-0-2022-20931)

    Vulnerability from cvelistv5 – Published: 2024-11-15 15:30 – Updated: 2024-11-15 15:47
    VLAI
    Title
    Cisco Touch 10 Device Downgrade Attack Vulnerability
    Summary
    A vulnerability in the version control of Cisco&nbsp;TelePresence CE Software for Cisco&nbsp;Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could exploit this vulnerability by installing an older version of Cisco&nbsp;TelePresence CE Software on an affected device. A successful exploit could allow the attacker to take advantage of vulnerabilities in older versions of the software.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-527 - Exposure of Version-Control Repository to an Unauthorized Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.10.2
    Affected: CE9.1.4
    Affected: CE9.9.3
    Affected: CE9.10.3
    Affected: CE9.1.5
    Affected: CE9.2.4
    Affected: CE9.10.1
    Affected: CE9.13.0
    Affected: CE9.1.2
    Affected: CE9.1.1
    Affected: CE9.9.4
    Affected: CE9.2.1
    Affected: CE9.1.3
    Affected: CE9.0.1
    Affected: CE9.1.6
    Affected: CE9.12.4
    Affected: CE9.2.2
    Affected: CE9.12.3
    Affected: CE9.2.3
    Affected: CE9.13.1
    Affected: CE9.14.3
    Affected: CE9.14.4
    Affected: CE9.13.2
    Affected: CE9.12.5
    Affected: CE9.14.5
    Affected: CE9.15.0.10
    Affected: CE9.15.0.11
    Affected: CE9.13.3
    Affected: CE9.15.0.13
    Affected: CE9.14.6
    Affected: CE9.15.3.17
    Affected: CE9.14.7
    Affected: CE9.15.0.19
    Affected: CE9.15.3.19
    Affected: CE9.15.3.18
    Affected: CE9.15.3.22
    Affected: CE9.15.8.12
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.13.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20931",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T15:47:05.719923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:47:25.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.13"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.18"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.8.12"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.13.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the version control of Cisco\u0026nbsp;TelePresence CE Software for Cisco\u0026nbsp;Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device.\r\nThis vulnerability is due to insufficient version control. An attacker could exploit this vulnerability by installing an older version of Cisco\u0026nbsp;TelePresence CE Software on an affected device. A successful exploit could allow the attacker to take advantage of vulnerabilities in older versions of the software.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-527",
                  "description": "Exposure of Version-Control Repository to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T15:30:29.164Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-CTT-DAV-HSvEHHEt",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-DAV-HSvEHHEt"
            }
          ],
          "source": {
            "advisory": "cisco-sa-CTT-DAV-HSvEHHEt",
            "defects": [
              "CSCvw12012"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Touch 10 Device Downgrade Attack Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20931",
        "datePublished": "2024-11-15T15:30:29.164Z",
        "dateReserved": "2021-11-02T13:28:29.192Z",
        "dateUpdated": "2024-11-15T15:47:25.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20004 (GCVE-0-2023-20004)

    Vulnerability from cvelistv5 – Published: 2024-11-15 15:23 – Updated: 2024-11-15 15:37
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write Vulnerability
    Summary
    Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account. Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: N/A
    Create a notification for this product.
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.10.2
    Affected: CE9.1.4
    Affected: CE9.9.3
    Affected: CE9.10.3
    Affected: CE9.1.5
    Affected: CE9.2.4
    Affected: CE9.10.1
    Affected: CE9.13.0
    Affected: CE9.1.2
    Affected: CE9.1.1
    Affected: CE9.9.4
    Affected: CE9.2.1
    Affected: CE9.1.3
    Affected: CE9.0.1
    Affected: CE9.1.6
    Affected: CE9.12.4
    Affected: CE9.2.2
    Affected: CE9.12.3
    Affected: CE9.2.3
    Affected: CE9.13.1
    Affected: CE9.14.3
    Affected: CE9.14.4
    Affected: CE9.13.2
    Affected: CE9.12.5
    Affected: CE9.14.5
    Affected: CE9.15.0.10
    Affected: CE9.15.0.11
    Affected: CE9.13.3
    Affected: CE9.15.0.13
    Affected: CE9.14.6
    Affected: CE9.15.3.17
    Affected: CE9.14.7
    Affected: CE9.15.0.19
    Affected: CE9.15.3.19
    Affected: CE9.15.3.18
    Affected: CE9.15.3.22
    Affected: CE9.15.8.12
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.13.0
    Affected: CE9.15.15.4
    Affected: CE9.15.16.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20004",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T15:37:09.280084Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:37:26.021Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.13"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.18"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.8.12"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.15.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.16.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThese vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.\r\nNote: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T15:23:29.140Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-file-write-rHKwegKf",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-file-write-rHKwegKf",
            "defects": [
              "CSCwc47206"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20004",
        "datePublished": "2024-11-15T15:23:29.140Z",
        "dateReserved": "2022-10-27T18:47:50.305Z",
        "dateUpdated": "2024-11-15T15:37:26.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20090 (GCVE-0-2023-20090)

    Vulnerability from cvelistv5 – Published: 2024-11-15 15:19 – Updated: 2024-11-15 17:15
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability
    Summary
    A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-27 - Path Traversal: 'dir/../../filename'
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: N/A
    Create a notification for this product.
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.10.2
    Affected: CE9.1.4
    Affected: CE9.9.3
    Affected: CE9.10.3
    Affected: CE9.1.5
    Affected: CE9.2.4
    Affected: CE9.10.1
    Affected: CE9.13.0
    Affected: CE9.1.2
    Affected: CE9.1.1
    Affected: CE9.9.4
    Affected: CE9.2.1
    Affected: CE9.1.3
    Affected: CE9.0.1
    Affected: CE9.1.6
    Affected: CE9.12.4
    Affected: CE9.2.2
    Affected: CE9.12.3
    Affected: CE9.2.3
    Affected: CE9.13.1
    Affected: CE9.14.3
    Affected: CE9.14.4
    Affected: CE9.13.2
    Affected: CE9.12.5
    Affected: CE9.14.5
    Affected: CE9.15.0.10
    Affected: CE9.15.0.11
    Affected: CE9.13.3
    Affected: CE9.15.0.13
    Affected: CE9.14.6
    Affected: CE9.15.3.17
    Affected: CE9.14.7
    Affected: CE9.15.0.19
    Affected: CE9.15.3.19
    Affected: CE9.15.3.18
    Affected: CE9.15.3.22
    Affected: CE9.15.8.12
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.13.0
    Affected: CE9.15.15.4
    Affected: CE9.15.16.5
    Create a notification for this product.
    cisco telepresence_collaboration_endpoint Affected: 9.0.1
    Affected: 9.10.1
    Affected: 9.10.2
    Affected: 9.10.3
    Affected: 9.1.1
    Affected: 9.1.2
    Affected: 9.12.3
    Affected: 9.12.4
    Affected: 9.12.5
    Affected: 9.1.3
    Affected: 9.13.0
    Affected: 9.13.1
    Affected: 9.13.2
    Affected: 9.13.3
    Affected: 9.1.4
    Affected: 9.14.3
    Affected: 9.14.4
    Affected: 9.14.5
    Affected: 9.14.6
    Affected: 9.1.5
    Affected: 9.15.0.10
    Affected: 9.15.0.11
    Affected: 9.15.13.0
    Affected: 9.15.8.12
    Affected: 9.1.6
    Affected: 9.2.1
    Affected: 9.2.2
    Affected: 9.2.3
    Affected: 9.2.4
    Affected: 9.9.3
    Affected: 9.9.4
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco telepresence_collaboration_endpoint Affected: 9.15.0.19
    Affected: 9.15.10.8
    Affected: 9.15.13.0
    Affected: 9.15.15.4
    Affected: 9.15.16.5
    Affected: 9.15.3.18
    Affected: 9.15.3.19
    Affected: 9.15.3.22
    Affected: 9.15.3.25
    Affected: 9.15.3.26
    Affected: 9.15.8.12
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.15.4:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.16.5:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.18:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.19:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.22:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*
        cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "telepresence_collaboration_endpoint",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.0.1"
                  },
                  {
                    "status": "affected",
                    "version": "9.10.1"
                  },
                  {
                    "status": "affected",
                    "version": "9.10.2"
                  },
                  {
                    "status": "affected",
                    "version": "9.10.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.1.1"
                  },
                  {
                    "status": "affected",
                    "version": "9.1.2"
                  },
                  {
                    "status": "affected",
                    "version": "9.12.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.12.4"
                  },
                  {
                    "status": "affected",
                    "version": "9.12.5"
                  },
                  {
                    "status": "affected",
                    "version": "9.1.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.13.0"
                  },
                  {
                    "status": "affected",
                    "version": "9.13.1"
                  },
                  {
                    "status": "affected",
                    "version": "9.13.2"
                  },
                  {
                    "status": "affected",
                    "version": "9.13.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.1.4"
                  },
                  {
                    "status": "affected",
                    "version": "9.14.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.14.4"
                  },
                  {
                    "status": "affected",
                    "version": "9.14.5"
                  },
                  {
                    "status": "affected",
                    "version": "9.14.6"
                  },
                  {
                    "status": "affected",
                    "version": "9.1.5"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.0.10"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.0.11"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.13.0"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.8.12"
                  },
                  {
                    "status": "affected",
                    "version": "9.1.6"
                  },
                  {
                    "status": "affected",
                    "version": "9.2.1"
                  },
                  {
                    "status": "affected",
                    "version": "9.2.2"
                  },
                  {
                    "status": "affected",
                    "version": "9.2.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.2.4"
                  },
                  {
                    "status": "affected",
                    "version": "9.9.3"
                  },
                  {
                    "status": "affected",
                    "version": "9.9.4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.19:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.15.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.16.5:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.18:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.19:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.22:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*",
                  "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "telepresence_collaboration_endpoint",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.15.0.19"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.10.8"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.13.0"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.15.4"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.16.5"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.3.18"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.3.19"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.3.22"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.3.25"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.3.26"
                  },
                  {
                    "status": "affected",
                    "version": "9.15.8.12"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20090",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T16:49:25.857316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T17:15:43.778Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.13"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.18"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.8.12"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.15.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.16.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r\nThis vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-27",
                  "description": "Path Traversal: \u0027dir/../../filename\u0027",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T15:19:09.891Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-file-write-rHKwegKf",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-file-write-rHKwegKf",
            "defects": [
              "CSCwc85883"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20090",
        "datePublished": "2024-11-15T15:19:09.891Z",
        "dateReserved": "2022-10-27T18:47:50.335Z",
        "dateUpdated": "2024-11-15T17:15:43.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20091 (GCVE-0-2023-20091)

    Vulnerability from cvelistv5 – Published: 2024-11-15 15:15 – Updated: 2024-11-15 17:48
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Overwrite Vulnerability
    Summary
    A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit this vulnerability, an attacker would need to have a remote support user account. Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-61 - UNIX Symbolic Link (Symlink) Following
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.10.2
    Affected: CE9.1.4
    Affected: CE9.9.3
    Affected: CE9.10.3
    Affected: CE9.1.5
    Affected: CE9.2.4
    Affected: CE9.10.1
    Affected: CE9.13.0
    Affected: CE9.1.2
    Affected: CE9.1.1
    Affected: CE9.9.4
    Affected: CE9.2.1
    Affected: CE9.1.3
    Affected: CE9.0.1
    Affected: CE9.1.6
    Affected: CE9.12.4
    Affected: CE9.2.2
    Affected: CE9.12.3
    Affected: CE9.2.3
    Affected: CE9.13.1
    Affected: CE9.14.3
    Affected: CE9.14.4
    Affected: CE9.13.2
    Affected: CE9.12.5
    Affected: CE9.14.5
    Affected: CE9.15.0.10
    Affected: CE9.15.0.11
    Affected: CE9.13.3
    Affected: CE9.15.0.13
    Affected: CE9.14.6
    Affected: CE9.15.3.17
    Affected: CE9.14.7
    Affected: CE9.15.0.19
    Affected: CE9.15.3.19
    Affected: CE9.15.3.18
    Affected: CE9.15.3.22
    Affected: CE9.15.8.12
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.13.0
    Affected: CE9.15.15.4
    Affected: CE9.15.16.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20091",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T17:47:56.924902Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T17:48:19.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.13"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.19"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.18"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.8.12"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.15.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.16.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThis vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit this vulnerability, an attacker would need to have a remote support user account.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-61",
                  "description": "UNIX Symbolic Link (Symlink) Following",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T15:15:03.615Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-file-write-rHKwegKf",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-file-write-rHKwegKf",
            "defects": [
              "CSCwc71178"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Overwrite Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20091",
        "datePublished": "2024-11-15T15:15:03.615Z",
        "dateReserved": "2022-10-27T18:47:50.336Z",
        "dateUpdated": "2024-11-15T17:48:19.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20094 (GCVE-0-2023-20094)

    Vulnerability from cvelistv5 – Published: 2024-11-15 15:08 – Updated: 2024-11-15 15:43
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
    Summary
    A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device. This vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information. Note: This vulnerability only affects Cisco Webex Desk Hub. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20094",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T15:43:09.416209Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:43:30.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device.\r\n\r\nThis vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information.\r\nNote: This vulnerability only affects Cisco Webex Desk Hub.\r\nThere are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T15:08:14.206Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-file-write-rHKwegKf",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-file-write-rHKwegKf",
            "defects": [
              "CSCwb86296"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20094",
        "datePublished": "2024-11-15T15:08:04.290Z",
        "dateReserved": "2022-10-27T18:47:50.336Z",
        "dateUpdated": "2024-11-15T15:43:30.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20008 (GCVE-0-2023-20008)

    Vulnerability from cvelistv5 – Published: 2023-01-19 01:41 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: RoomOS 10.3.2.0
    Affected: RoomOS 10.3.4.0
    Affected: RoomOS 10.8.2.5
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.15.3.0
    Create a notification for this product.
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.0.1
    Affected: CE9.1.1
    Affected: CE9.1.2
    Affected: CE9.1.3
    Affected: CE9.1.4
    Affected: CE9.1.5
    Affected: CE9.1.6
    Affected: CE9.10.1
    Affected: CE9.10.2
    Affected: CE9.10.3
    Affected: CE9.12.4
    Affected: CE9.12.5
    Affected: CE9.12.3
    Affected: CE9.13.0
    Affected: CE9.13.1
    Affected: CE9.13.3
    Affected: CE9.13.2
    Affected: CE9.2.1
    Affected: CE9.2.2
    Affected: CE9.2.3
    Affected: CE9.2.4
    Affected: CE9.9.3
    Affected: CE9.9.4
    Affected: CE9.14.3
    Affected: CE9.14.5
    Affected: CE9.14.4
    Affected: CE9.14.6
    Affected: CE9.14.7
    Affected: CE9.15.0.11
    Affected: CE9.15.0.10
    Affected: CE9.15.8.12
    Affected: CE9.15.13.0
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.3.17
    Affected: CE9.15.3.22
    Affected: CE9.15.0.19
    Affected: TC7.3.21
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.15.3.0
    Affected: 9.15.3.25
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-roomos-dkjGFgRK",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.2.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                }
              ]
            },
            {
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.8.12"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "TC7.3.21"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                },
                {
                  "status": "affected",
                  "version": "9.15.3.25"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device.\r\n\r This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:30.027Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-dkjGFgRK",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-dkjGFgRK",
            "defects": [
              "CSCwc47201"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20008",
        "datePublished": "2023-01-19T01:41:03.629Z",
        "dateReserved": "2022-10-27T18:47:50.307Z",
        "dateUpdated": "2024-08-02T08:57:35.552Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20002 (GCVE-0-2023-20002)

    Vulnerability from cvelistv5 – Published: 2023-01-19 01:40 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: RoomOS 10.3.2.0
    Affected: RoomOS 10.3.4.0
    Affected: RoomOS 10.8.2.5
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.15.3.0
    Create a notification for this product.
    Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.0.1
    Affected: CE9.1.1
    Affected: CE9.1.2
    Affected: CE9.1.3
    Affected: CE9.1.4
    Affected: CE9.1.5
    Affected: CE9.1.6
    Affected: CE9.10.1
    Affected: CE9.10.2
    Affected: CE9.10.3
    Affected: CE9.12.4
    Affected: CE9.12.5
    Affected: CE9.12.3
    Affected: CE9.13.0
    Affected: CE9.13.1
    Affected: CE9.13.3
    Affected: CE9.13.2
    Affected: CE9.2.1
    Affected: CE9.2.2
    Affected: CE9.2.3
    Affected: CE9.2.4
    Affected: CE9.9.3
    Affected: CE9.9.4
    Affected: CE9.14.3
    Affected: CE9.14.5
    Affected: CE9.14.4
    Affected: CE9.14.6
    Affected: CE9.14.7
    Affected: CE9.15.0.11
    Affected: CE9.15.0.10
    Affected: CE9.15.10.8
    Affected: CE9.15.3.26
    Affected: CE9.15.3.25
    Affected: CE9.15.3.17
    Affected: CE9.15.3.22
    Affected: CE9.15.0.19
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.15.3.0
    Affected: 9.15.3.25
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.143Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-roomos-dkjGFgRK",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.2.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                }
              ]
            },
            {
              "product": "Cisco TelePresence Endpoint Software (TC/CE)",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "CE9.0.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.1.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.10.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.12.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.0"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.13.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.1"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.2"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.2.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.9.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.3"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.5"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.4"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.6"
                },
                {
                  "status": "affected",
                  "version": "CE9.14.7"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.11"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.10"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.10.8"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.26"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.25"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.17"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.3.22"
                },
                {
                  "status": "affected",
                  "version": "CE9.15.0.19"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                },
                {
                  "status": "affected",
                  "version": "9.15.3.25"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:28.759Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-roomos-dkjGFgRK",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-dkjGFgRK",
            "defects": [
              "CSCwc85914"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20002",
        "datePublished": "2023-01-19T01:40:44.838Z",
        "dateReserved": "2022-10-27T18:47:50.305Z",
        "dateUpdated": "2024-08-02T08:57:35.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20776 (GCVE-0-2022-20776)

    Vulnerability from cvelistv5 – Published: 2022-10-26 14:01 – Updated: 2024-10-25 16:05
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
    Summary
    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:36:56.062350Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T16:05:19.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-26T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-trav-beFvCcyu",
            "defect": [
              [
                "CSCwb29733",
                "CSCwc21962",
                "CSCwc47215",
                "CSCwc47220",
                "CSCwc47228"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20776",
        "datePublished": "2022-10-26T14:01:18.142Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-10-25T16:05:19.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20955 (GCVE-0-2022-20955)

    Vulnerability from cvelistv5 – Published: 2022-10-26 14:01 – Updated: 2024-10-25 16:05
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
    Summary
    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20955",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:36:57.942858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T16:05:25.921Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-26T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-trav-beFvCcyu",
            "defect": [
              [
                "CSCwb29733",
                "CSCwc21962",
                "CSCwc47215",
                "CSCwc47220",
                "CSCwc47228"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20955",
        "datePublished": "2022-10-26T14:01:04.676Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-10-25T16:05:25.921Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20954 (GCVE-0-2022-20954)

    Vulnerability from cvelistv5 – Published: 2022-10-26 14:00 – Updated: 2024-10-25 16:05
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
    Summary
    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:58.919Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20954",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:36:59.314682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T16:05:33.495Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-26T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-trav-beFvCcyu",
            "defect": [
              [
                "CSCwb29733",
                "CSCwc21962",
                "CSCwc47215",
                "CSCwc47220",
                "CSCwc47228"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20954",
        "datePublished": "2022-10-26T14:00:54.656Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-10-25T16:05:33.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20953 (GCVE-0-2022-20953)

    Vulnerability from cvelistv5 – Published: 2022-10-26 14:00 – Updated: 2024-10-25 16:05
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
    Summary
    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:37:00.694014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T16:05:40.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-26T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-trav-beFvCcyu",
            "defect": [
              [
                "CSCwb29733",
                "CSCwc21962",
                "CSCwc47215",
                "CSCwc47220",
                "CSCwc47228"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20953",
        "datePublished": "2022-10-26T14:00:44.967Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-10-25T16:05:40.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20811 (GCVE-0-2022-20811)

    Vulnerability from cvelistv5 – Published: 2022-10-26 14:00 – Updated: 2024-10-25 16:05
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
    Summary
    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.942Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20811",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:37:02.309084Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T16:05:48.346Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-26T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20221019 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-trav-beFvCcyu",
            "defect": [
              [
                "CSCwb29733",
                "CSCwc21962",
                "CSCwc47215",
                "CSCwc47220",
                "CSCwc47228"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20811",
        "datePublished": "2022-10-26T14:00:20.814Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-10-25T16:05:48.346Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20768 (GCVE-0-2022-20768)

    Vulnerability from cvelistv5 – Published: 2022-07-06 20:30 – Updated: 2024-11-01 19:00
    VLAI
    Title
    Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
    Summary
    A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.327Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220706 Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20768",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:41:08.923271Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T19:00:40.779Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-06T20:30:17.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220706 Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7"
            }
          ],
          "source": {
            "advisory": "cisco-sa-roomos-infodisc-YOTz9Ct7",
            "defect": [
              [
                "CSCwa87973"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-06T16:00:00",
              "ID": "CVE-2022-20768",
              "STATE": "PUBLIC",
              "TITLE": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco RoomOS Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "4.9",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-532"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220706 Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-roomos-infodisc-YOTz9Ct7",
              "defect": [
                [
                  "CSCwa87973"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20768",
        "datePublished": "2022-07-06T20:30:17.911Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-01T19:00:40.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }