CVE-2023-20092

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Nov 15, 2024

CWE ID 61

Summary

CVE-2023-20092 refers to three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS. These issues allow authenticated, local attackers to overwrite arbitrary files on the affected device by exploiting improper access controls on local files. To do so, an attacker would need to have a remote support user account and place a symbolic link in a specific location on the local file system. These vulnerabilities do not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices. Cisco has issued software updates to address these vulnerabilities, and there are currently no workarounds available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/q5RN4J
https://www.cve.org/CVERecord?id=CVE-2023-20092
https://nvd.nist.gov/vuln/detail/CVE-2023-20092

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2023-20092

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations