CVE-2022-20953

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Collaboration Endpoint (CE) Software (affected versions not specified) Cisco RoomOS Software (affected versions not specified)

Description The issue is related to insufficient access control in the software of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS, which could allow an attacker to gain unauthorized access to sensitive information by sending a specially crafted request. This could enable an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device.

Recommendations For Cisco TelePresence Collaboration Endpoint (CE) Software, update to a version that addresses the access control issue. For Cisco RoomOS Software, update to a version that addresses the access control issue. As a temporary workaround, consider restricting access to sensitive data and files on affected devices until a patch is available. Avoid using affected devices for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.