CVE-2023-20002

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS (affected versions not specified)

Description The issue is related to insufficient validation of incoming requests, which could allow an attacker to conduct a Server-Side Request Forgery (SSRF) attack. This can be achieved by sending a specially crafted HTTP request. The vulnerability is due to improper validation of user-supplied input, allowing an authenticated, local attacker to bypass access controls.

Recommendations For Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS, consider restricting access to the web application until a fix is available. As a temporary workaround, consider disabling the functionality that allows user-supplied input to be sent as HTTP requests until a patch is available. Avoid using the affected device for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.