Improper access control

2023-01-2007:15:00

PRIOn knowledge base

www.prio-n.com

cisco telepresence

roomos software

vulnerability

local attacker

overwrite files

access controls

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device.

This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.

CPENameOperatorVersion
roomoseq10.3.2.0
roomoseq10.3.4.0
roomoseq10.8.2.5
roomoseq10.11.5.2
roomoseq10.8.4.0
roomoseq10.11.3.0
roomoseq10.15.3.0
telepresence_collaboration_endpointeq8.1.1
telepresence_collaboration_endpointeq8.3.0
telepresence_collaboration_endpointeq8.3.5

Name	Operator	Version
roomos	eq	10.3.2.0
roomos	eq	10.3.4.0
roomos	eq	10.8.2.5
roomos	eq	10.11.5.2
roomos	eq	10.8.4.0
roomos	eq	10.11.3.0
roomos	eq	10.15.3.0
telepresence_collaboration_endpoint	eq	8.1.1
telepresence_collaboration_endpoint	eq	8.3.0
telepresence_collaboration_endpoint	eq	8.3.5