First published: Wed Oct 26 2022(Updated: )
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco TelePresence Collaboration Endpoint | <10.19.1 | |
Cisco RoomOS |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-20953.
The severity of CVE-2022-20953 is medium with a CVSS score of 5.5.
The affected software for CVE-2022-20953 is Cisco TelePresence Collaboration Endpoint (CE) Software version up to 10.19.1 and Cisco RoomOS Software.
The risks of CVE-2022-20953 include path traversal attacks, unauthorized access to sensitive data, and unauthorized writing of arbitrary files on an affected device.
Yes, Cisco has released security updates to address the vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software. It is recommended to update to the latest available version.