SB2023042029 - Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint and RoomOS

Security Bulletin ID SB2023042029

Severity

Low

Patch available

NO

Number of vulnerabilities 2

Exploitation vector Adjecent network

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2023-20093)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the CLI. A local administrator can place a symbolic link in a specific location on the local file system and overwrite arbitrary files.

2) Out-of-bounds read (CVE-ID: CVE-2023-20094)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker on the local network can send a specially crafted request, trigger an out-of-bounds read error and read contents of memory on the system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf