CVE-2023-20092

MEDIUM Year: 2023
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-61
View all →

Vulnerability Description

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account. Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Related Vulnerabilities

CVE-2023-20093

MEDIUM
CVSS:4.4(Medium)

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vul...

CWE-612023

CVE-2024-0134

MEDIUM
CVSS:4.1(Medium)

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name a...

CWE-612024

CVE-2019-11249

MEDIUM
CVSS:4.8(Medium)

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over th...

CWE-612019

CVE-2024-42367

MEDIUM
CVSS:4.8(Medium)

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulne...

CWE-612024

CVE-2023-20091

MEDIUM
CVSS:5.1(Medium)

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerabil...

CWE-612023

CVE-2024-45310

LOW
CVSS:3.6(Low)

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or direct...

CWE-612024