CVE-2023-20093
CVSS 3.1 Score 4.4 of 10 (medium)
Details
Summary
CVE-2023-20093 refers to three vulnerabilities discovered in the Command Line Interface (CLI) of Cisco TelePresence CE and RoomOS. An authenticated, local attacker can exploit these vulnerabilities by creating symbolic links to overwrite arbitrary files on the local file system of an affected device. The vulnerabilities result from weak access controls on certain files. Successful exploitation could lead to significant file system manipulation, potentially causing severe damage. These vulnerabilities only impact Cisco TelePresence CE and RoomOS devices, and remote support user accounts are required for exploitation. Cisco has released software updates that mitigate these vulnerabilities, and no workarounds are available.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.