Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities

2023-01-1116:00:00

tools.cisco.com

cisco

telepresence

collaboration

endpoint

roomos

software

vulnerabilities

authenticated

local attacker

ssrf attacks

server-side

request forgery

overwrite

arbitrary files

security advisory

software updates

workarounds

details section.

0.0004 Low

EPSS

Percentile

5.1%

JSON

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to conduct server-side request forgery (SSRF) attacks through an affected device or to overwrite arbitrary files on an affected device.

For more information about these vulnerabilities, see the Details [“#details”] section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK”]

Affected configurations

Vulners

Node

ciscoroomosMatchany

ciscotelepresence_ce_softwareMatchany

ciscoroomosMatchany

ciscotelepresence_ce_softwareMatchany

CPENameOperatorVersion
cisco roomos softwareeqany
cisco telepresence endpoint software (tc/ce)eqany
cisco roomos softwareeqany
cisco telepresence endpoint software (tc/ce)eqany

Name	Operator	Version
cisco roomos software	eq	any
cisco telepresence endpoint software (tc/ce)	eq	any
cisco roomos software	eq	any
cisco telepresence endpoint software (tc/ce)	eq	any