CVE-2023-20093

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Nov 15, 2024
CWE ID 61

Summary

CVE-2023-20093 covers three vulnerabilities in the Command Line Interface (CLI) of Cisco TelePresence CE and RoomOS. An authenticated, local attacker can exploit them by creating symbolic links that cause arbitrary files on the local file system of an affected device to be overwritten. The vulnerabilities result from weak access controls on certain files. Successful exploitation could lead to significant file system manipulation, potentially causing severe damage. The vulnerabilities affect only Cisco TelePresence CE and RoomOS devices, and exploitation requires a remote support user account. Cisco has released software updates that mitigate these vulnerabilities; no workarounds are available.
