How severe is CVE-2023-20091?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.1 out of 10.

What type of vulnerability is CVE-2023-20091?

This is classified as CWE-61, which is a common weakness in software security.

CVE-2023-20091 - MEDIUM Severity | CVSS 5.1

Vulnerability Description

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit this vulnerability, an attacker would need to have a remote support user account. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Related Vulnerabilities

CVE-2019-11249

MEDIUM

CVSS:4.8(Medium)

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over th...

CWE-612019

CVE-2024-42367

MEDIUM

CVSS:4.8(Medium)

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulne...

CWE-612024

CVE-2024-27872

MEDIUM

CVSS:5.5(Medium)

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.6. An app may be able to access protected user data.

CWE-612024

CVE-2024-34014

MEDIUM

CVSS:5.5(Medium)

Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Bac...

CWE-612024

CVE-2024-52542

MEDIUM

CVSS:5.5(Medium)

Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to informati...

CWE-612024

CVE-2025-24832

MEDIUM

CVSS:5.5(Medium)

Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.4.8...

CWE-612025