How severe is CVE-2023-20090?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2023-20090?

This is classified as CWE-27, which is a common weakness in software security.

CVE-2023-20090 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Related Vulnerabilities

CVE-2023-20127

MEDIUM

CVSS:6.5(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged in...

CWE-272023

CVE-2023-20129

MEDIUM

CVSS:6.5(Medium)

CWE-272023

CVE-2023-20130

MEDIUM

CVSS:6.5(Medium)

CWE-272023

CVE-2023-34125

MEDIUM

CVSS:6.5(Medium)

Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and ea...

CWE-272023

CVE-2021-35027

HIGH

CVSS:7.5(High)

A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.

CWE-272021

CVE-2024-20348

HIGH

CVSS:7.5(High)

A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vul...

CWE-272024