CVE-2023-20008
First published: Thu Jan 19 2023(Updated: )
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco RoomOS | =10.3.2.0 | |
| Cisco RoomOS | =10.3.4.0 | |
| Cisco RoomOS | =10.8.2.5 | |
| Cisco RoomOS | =10.8.4.0 | |
| Cisco RoomOS | =10.11.3.0 | |
| Cisco RoomOS | =10.11.5.2 | |
| Cisco RoomOS | =10.15.3.0 | |
| Cisco TelePresence Collaboration Endpoint | =8.0.0 | |
| Cisco TelePresence Collaboration Endpoint | =8.0.1 | |
| Cisco TelePresence Collaboration Endpoint | =8.1.0 | |
| Cisco TelePresence Collaboration Endpoint | =8.1.1 | |
| Cisco TelePresence Collaboration Endpoint | =8.2.0 | |
| Cisco TelePresence Collaboration Endpoint | =8.2.1 | |
| Cisco TelePresence Collaboration Endpoint | =8.2.2 | |
| Cisco TelePresence Collaboration Endpoint | =8.3.0 | |
| Cisco TelePresence Collaboration Endpoint | =8.3.1 | |
| Cisco TelePresence Collaboration Endpoint | =8.3.2 | |
| Cisco TelePresence Collaboration Endpoint | =8.3.3 | |
| Cisco TelePresence Collaboration Endpoint | =8.3.5 | |
| Cisco TelePresence Collaboration Endpoint | =8.3.6 | |
| Cisco TelePresence Collaboration Endpoint | =9.0.1 | |
| Cisco TelePresence Collaboration Endpoint | =9.1.1 | |
| Cisco TelePresence Collaboration Endpoint | =9.1.2 | |
| Cisco TelePresence Collaboration Endpoint | =9.1.3 | |
| Cisco TelePresence Collaboration Endpoint | =9.1.4 | |
| Cisco TelePresence Collaboration Endpoint | =9.1.5 | |
| Cisco TelePresence Collaboration Endpoint | =9.1.6 | |
| Cisco TelePresence Collaboration Endpoint | =9.2.1 | |
| Cisco TelePresence Collaboration Endpoint | =9.2.2 | |
| Cisco TelePresence Collaboration Endpoint | =9.2.3 | |
| Cisco TelePresence Collaboration Endpoint | =9.2.4 | |
| Cisco TelePresence Collaboration Endpoint | =9.9.3 | |
| Cisco TelePresence Collaboration Endpoint | =9.9.4 | |
| Cisco TelePresence Collaboration Endpoint | =9.10.1 | |
| Cisco TelePresence Collaboration Endpoint | =9.10.2 | |
| Cisco TelePresence Collaboration Endpoint | =9.10.3 | |
| Cisco TelePresence Collaboration Endpoint | =9.12.3 | |
| Cisco TelePresence Collaboration Endpoint | =9.12.4 | |
| Cisco TelePresence Collaboration Endpoint | =9.12.5 | |
| Cisco TelePresence Collaboration Endpoint | =9.13.0 | |
| Cisco TelePresence Collaboration Endpoint | =9.13.1 | |
| Cisco TelePresence Collaboration Endpoint | =9.13.2 | |
| Cisco TelePresence Collaboration Endpoint | =9.13.3 | |
| Cisco TelePresence Collaboration Endpoint | =9.14.3 | |
| Cisco TelePresence Collaboration Endpoint | =9.14.4 | |
| Cisco TelePresence Collaboration Endpoint | =9.14.5 | |
| Cisco TelePresence Collaboration Endpoint | =9.14.6 | |
| Cisco TelePresence Collaboration Endpoint | =9.15.0.10 | |
| Cisco TelePresence Collaboration Endpoint | =9.15.0.11 | |
| Cisco TelePresence Collaboration Endpoint | =9.15.3.25 | |
| Cisco TelePresence Collaboration Endpoint | =9.15.3.26 | |
| Cisco TelePresence Collaboration Endpoint | =9.15.8.12 | |
| Cisco TelePresence Collaboration Endpoint | =9.15.10.8 | |
| Cisco TelePresence Collaboration Endpoint | =9.15.13.0 | |
| Cisco Telepresence Tc | =7.3.5 | |
| Cisco Telepresence Tc | =7.3.6 | |
| Cisco Telepresence Tc | =7.3.7 | |
| Cisco Telepresence Tc | =7.3.9 | |
| Cisco Telepresence Tc | =7.3.13 | |
| Cisco Telepresence Tc | =7.3.21 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-20008?
CVE-2023-20008 is classified as a High severity vulnerability due to its potential for unauthorized file overwriting.
How do I fix CVE-2023-20008?
To fix CVE-2023-20008, update your affected Cisco TelePresence CE or RoomOS Software to the latest patched version.
What types of devices are affected by CVE-2023-20008?
CVE-2023-20008 affects various versions of Cisco TelePresence CE and RoomOS Software.
Who can exploit CVE-2023-20008?
CVE-2023-20008 can be exploited by authenticated local attackers with access to the affected system.
What is the impact of exploiting CVE-2023-20008?
Exploiting CVE-2023-20008 can allow an attacker to overwrite arbitrary files on the local system of the affected device.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/cisco
- canonical/cisco roomos
- version/cisco roomos/10.3.2.0
- version/cisco roomos/10.3.4.0
- version/cisco roomos/10.8.2.5
- version/cisco roomos/10.8.4.0
- version/cisco roomos/10.11.3.0
- version/cisco roomos/10.11.5.2
- version/cisco roomos/10.15.3.0
- canonical/cisco telepresence collaboration endpoint
- version/cisco telepresence collaboration endpoint/8.0.0
- version/cisco telepresence collaboration endpoint/8.0.1
- version/cisco telepresence collaboration endpoint/8.1.0
- version/cisco telepresence collaboration endpoint/8.1.1
- version/cisco telepresence collaboration endpoint/8.2.0
- version/cisco telepresence collaboration endpoint/8.2.1
- version/cisco telepresence collaboration endpoint/8.2.2
- version/cisco telepresence collaboration endpoint/8.3.0
- version/cisco telepresence collaboration endpoint/8.3.1
- version/cisco telepresence collaboration endpoint/8.3.2
- version/cisco telepresence collaboration endpoint/8.3.3
- version/cisco telepresence collaboration endpoint/8.3.5
- version/cisco telepresence collaboration endpoint/8.3.6
- version/cisco telepresence collaboration endpoint/9.0.1
- version/cisco telepresence collaboration endpoint/9.1.1
- version/cisco telepresence collaboration endpoint/9.1.2
- version/cisco telepresence collaboration endpoint/9.1.3
- version/cisco telepresence collaboration endpoint/9.1.4
- version/cisco telepresence collaboration endpoint/9.1.5
- version/cisco telepresence collaboration endpoint/9.1.6
- version/cisco telepresence collaboration endpoint/9.2.1
- version/cisco telepresence collaboration endpoint/9.2.2
- version/cisco telepresence collaboration endpoint/9.2.3
- version/cisco telepresence collaboration endpoint/9.2.4
- version/cisco telepresence collaboration endpoint/9.9.3
- version/cisco telepresence collaboration endpoint/9.9.4
- version/cisco telepresence collaboration endpoint/9.10.1
- version/cisco telepresence collaboration endpoint/9.10.2
- version/cisco telepresence collaboration endpoint/9.10.3
- version/cisco telepresence collaboration endpoint/9.12.3
- version/cisco telepresence collaboration endpoint/9.12.4
- version/cisco telepresence collaboration endpoint/9.12.5
- version/cisco telepresence collaboration endpoint/9.13.0
- version/cisco telepresence collaboration endpoint/9.13.1
- version/cisco telepresence collaboration endpoint/9.13.2
- version/cisco telepresence collaboration endpoint/9.13.3
- version/cisco telepresence collaboration endpoint/9.14.3
- version/cisco telepresence collaboration endpoint/9.14.4
- version/cisco telepresence collaboration endpoint/9.14.5
- version/cisco telepresence collaboration endpoint/9.14.6
- version/cisco telepresence collaboration endpoint/9.15.0.10
- version/cisco telepresence collaboration endpoint/9.15.0.11
- version/cisco telepresence collaboration endpoint/9.15.3.25
- version/cisco telepresence collaboration endpoint/9.15.3.26
- version/cisco telepresence collaboration endpoint/9.15.8.12
- version/cisco telepresence collaboration endpoint/9.15.10.8
- version/cisco telepresence collaboration endpoint/9.15.13.0
- canonical/cisco telepresence tc
- version/cisco telepresence tc/7.3.5
- version/cisco telepresence tc/7.3.6
- version/cisco telepresence tc/7.3.7
- version/cisco telepresence tc/7.3.9
- version/cisco telepresence tc/7.3.13
- version/cisco telepresence tc/7.3.21