PT-2023-1108 · Cisco · Cisco TelePresence Collaboration Endpoint

Deklan Evans · Published 2023-01-11 · Updated 2024-01-25 · CVE-2023-20008

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS (affected versions not specified)

Description: The issue is related to inadequate access control in the command-line interface (CLI) of the Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS, allowing an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This is due to improper access controls on files in the local file system. An attacker could exploit this by placing a symbolic link in a specific location on the local file system, potentially allowing them to overwrite arbitrary files.

Recommendations: For Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS, consider restricting access to the CLI to minimize the risk of exploitation until a fix is available. As a temporary workaround, avoid using the CLI for sensitive operations on affected devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Link Following
Improper Access Control

Related Identifiers

BDU:2023-00302
CVE-2023-20008

Affected Products

Cisco RoomOS
Cisco TelePresence Collaboration Endpoint