CVE-2023-20002

{"id": "CVE-2023-20002", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.8}]}, "published": "2023-01-20T07:15:12.450", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system."}], "lastModified": "2024-01-25T17:15:23.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:roomos:10.3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D83C41B-DD92-4B31-B2B3-BD831B908E22"}, {"criteria": "cpe:2.3:o:cisco:roomos:10.3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83093692-59FB-4C24-AF96-A76DFADD37C1"}, {"criteria": "cpe:2.3:o:cisco:roomos:10.8.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA3E919D-0686-4680-882C-7EB636EC1089"}, {"criteria": "cpe:2.3:o:cisco:roomos:10.8.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA427278-651C-47AB-996E-3B0BD307E34F"}, {"criteria": "cpe:2.3:o:cisco:roomos:10.11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "293FE8EE-2C4E-4EA2-BBC7-680C08F45E11"}, {"criteria": "cpe:2.3:o:cisco:roomos:10.11.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23A27105-A41F-4814-BCA9-2DE3D1505D73"}, {"criteria": "cpe:2.3:o:cisco:roomos:10.15.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB29E8E8-74BD-430E-A12E-E91E27FF81A2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9840947F-758C-4A97-B9D2-A9F1B414D6FA"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DDF553F-4945-43EB-9D87-2AD8464EE7BC"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C672A9A-3AD3-44B3-B8BE-1EA3A5AE9D2E"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E22AE6C0-3FDE-435E-BA25-2664A2B9758C"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F2E8E40-3B18-49A6-B78C-472B5D55039D"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67604778-41A3-4519-B526-4807EBD8E61F"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F781A5E-C38E-4BE3-9F47-8B0392E6DEF0"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "479C49D0-5279-4054-8440-9683624AC057"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B42E4172-2723-426D-AE73-453C74961885"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C4770CB-A207-4D72-9EC0-2B6AEE9EC54E"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F248A6D4-23C6-4D6D-B972-D6F9E711B61F"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0559D1BB-51A9-4285-A845-ECB6A6B7D678"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1ED50F6-B01C-4003-A797-109DA9A631FA"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD3C7127-EE08-4212-92DF-C8D568F2A453"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4F86038-E6D2-4F6F-B768-68525833FD8E"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C931235-9560-4186-A339-167DAB5B7E15"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABCAF219-6E5E-42BB-9892-B17D99634518"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BA1A42D-D874-4DD4-BB08-AFFEE4EAD015"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1785B2F-B319-403F-A106-9137B9D140BE"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C73AE384-CF1A-4D57-8E95-4E2D5DFB1E04"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FB34F64-D33A-4C32-9D18-5CAF45CB1933"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C05E7CB-5ABF-4F61-B6B8-03F46B91FBF9"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "906C8212-DD6A-4485-8629-EBEFC727C70D"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "758679DD-D282-4FDC-9D46-BF698660C789"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6F63CDD-D2B6-4FED-9C93-63AD60882EAB"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A529A0C7-CCE3-4994-B412-0BEC7B4D2E9B"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE5CFE99-B3DB-429E-AEBA-3F863E29EDF5"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37AEF4D9-06A3-4A15-B310-F3F2896B0992"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "659220C8-4391-40C9-8047-8F761ECC58C1"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71A16E86-C21B-42B6-88A9-AF3CF0957C3E"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43DC02FB-1308-4505-BB12-BDBA971B48E6"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF3A23C7-7BB6-4A18-AFCF-47F508FA3561"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3800DAF9-E42F-474C-8C9C-F8A5934148D3"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "310C0A56-6523-42EB-8BF2-4C13969D057E"}, {"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F349CFD5-D70F-426C-B670-156FD558E50F"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}