First published: Thu Jan 19 2023
A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco RoomOS | =10.3.2.0 | |
Cisco RoomOS | =10.3.4.0 | |
Cisco RoomOS | =10.8.2.5 | |
Cisco RoomOS | =10.8.4.0 | |
Cisco RoomOS | =10.11.3.0 | |
Cisco RoomOS | =10.11.5.2 | |
Cisco RoomOS | =10.15.3.0 | |
Cisco TelePresence Collaboration Endpoint | =8.1.1 | |
Cisco TelePresence Collaboration Endpoint | =8.3.0 | |
Cisco TelePresence Collaboration Endpoint | =8.3.5 | |
Cisco TelePresence Collaboration Endpoint | =9.0.1 | |
Cisco TelePresence Collaboration Endpoint | =9.1.1 | |
Cisco TelePresence Collaboration Endpoint | =9.1.2 | |
Cisco TelePresence Collaboration Endpoint | =9.1.3 | |
Cisco TelePresence Collaboration Endpoint | =9.1.4 | |
Cisco TelePresence Collaboration Endpoint | =9.1.5 | |
Cisco TelePresence Collaboration Endpoint | =9.1.6 | |
Cisco TelePresence Collaboration Endpoint | =9.2.1 | |
Cisco TelePresence Collaboration Endpoint | =9.2.2 | |
Cisco TelePresence Collaboration Endpoint | =9.2.3 | |
Cisco TelePresence Collaboration Endpoint | =9.2.4 | |
Cisco TelePresence Collaboration Endpoint | =9.9.3 | |
Cisco TelePresence Collaboration Endpoint | =9.9.4 | |
Cisco TelePresence Collaboration Endpoint | =9.10.1 | |
Cisco TelePresence Collaboration Endpoint | =9.10.2 | |
Cisco TelePresence Collaboration Endpoint | =9.10.3 | |
Cisco TelePresence Collaboration Endpoint | =9.12.3 | |
Cisco TelePresence Collaboration Endpoint | =9.12.4 | |
Cisco TelePresence Collaboration Endpoint | =9.12.5 | |
Cisco TelePresence Collaboration Endpoint | =9.13.0 | |
Cisco TelePresence Collaboration Endpoint | =9.13.1 | |
Cisco TelePresence Collaboration Endpoint | =9.13.2 | |
Cisco TelePresence Collaboration Endpoint | =9.13.3 | |
Cisco TelePresence Collaboration Endpoint | =9.14.3 | |
Cisco TelePresence Collaboration Endpoint | =9.14.4 | |
Cisco TelePresence Collaboration Endpoint | =9.14.5 | |
Cisco TelePresence Collaboration Endpoint | =9.14.6 | |
Cisco TelePresence Collaboration Endpoint | =9.15.0.10 | |
Cisco TelePresence Collaboration Endpoint | =9.15.0.11 | |
Cisco TelePresence Collaboration Endpoint | =9.15.3.25 | |
Cisco TelePresence Collaboration Endpoint | =9.15.3.26 | |
Cisco TelePresence Collaboration Endpoint | =9.15.10.8 | |
The ID of this vulnerability is CVE-2023-20002.
The severity level of CVE-2023-20002 is medium, with a score of 4.4.
This vulnerability affects Cisco TelePresence CE and RoomOS Software by allowing an authenticated local attacker to bypass access controls and conduct an SSRF attack through an affected device.
CVE-2023-20002 is caused by improper validation of user-supplied input.
To fix this vulnerability, apply the security patch provided by Cisco.