CVE-2023-20091

CVSS 3.1 Score 5.1 of 10 (medium)

Details

Published Nov 15, 2024
CWE ID 61

Summary

CVE-2023-20091 is a vulnerability affecting the Command Line Interface (CLI) of Cisco TelePresence CE and RoomOS. This issue allows authenticated, local attackers to overwrite arbitrary files on the local file system of vulnerable devices, due to insufficient access controls. An attacker can exploit this vulnerability by creating a symbolic link in a specific location on the affected device. To successfully exploit this vulnerability, an attacker requires a remote support user account. Cisco has released software updates to address this issue, and currently, there are no known workarounds.
