cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20793,https://securityvulnerability.io/vulnerability/CVE-2022-20793,Unauthenticated Attacker could Impersonate Legitimate Device and Pair with Affected Device,"A flaw in the device pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices exposes a significant security risk. This vulnerability arises from inadequate identity verification, permitting an unauthenticated remote attacker to masquerade as a legitimate device. By responding to the pairing broadcast from an affected device, an attacker could establish a connection, gaining unauthorized access. This exploitation highlights the necessity for robust identity verification mechanisms to safeguard against unauthorized pairing attempts. No workarounds are available to mitigate this issue.",Cisco,"Cisco Roomos Software,Cisco Telepresence Endpoint Software (tc/ce)",6.8,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2024-11-15T15:34:33.919Z,0
CVE-2023-20004,https://securityvulnerability.io/vulnerability/CVE-2023-20004,Cisco TelePresence CE and RoomOS Vulnerabilities Could Allow Arbitrary File Overwrite,"Multiple vulnerabilities in the command-line interface (CLI) of Cisco TelePresence CE and RoomOS impact the security of the affected devices, enabling an authenticated local attacker to overwrite arbitrary files on the local file system. This risk arises from inadequate access control mechanisms governing local files. By placing a symbolic link at a designated location within the local file system, an attacker possessing a remote support user account can trigger an exploit. It is important to note that certain devices, including Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series, remain unaffected by these vulnerabilities. Cisco has issued software updates to mitigate these risks, and currently, no applicable workarounds exist.",Cisco,"Cisco Roomos Software,Cisco Telepresence Endpoint Software (tc/ce)",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T15:23:29.140Z,0
CVE-2023-20090,https://securityvulnerability.io/vulnerability/CVE-2023-20090,Cisco TelePresence CE and RoomOS Vulnerability: Elevated Privileges for Authenticated Attackers,"A security issue exists in Cisco TelePresence CE and RoomOS, which stems from inadequate access control on specific command-line interface (CLI) commands. This vulnerability enables an authenticated, local attacker to execute a series of specially crafted commands that can lead to elevated privileges, potentially allowing the attacker to gain root-level access on the affected devices. Cisco has issued software updates to mitigate this flaw, and there are currently no available workarounds.",Cisco,"Cisco Roomos Software,Cisco Telepresence Endpoint Software (tc/ce)",6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T15:19:09.891Z,0
CVE-2023-20092,https://securityvulnerability.io/vulnerability/CVE-2023-20092,Three Vulnerabilities in CLI of Cisco TelePresence CE and RoomOS Could Allow Local Attacker to Overwrite Arbitrary Files,"In Cisco TelePresence CE and RoomOS, multiple vulnerabilities exist that can enable an authenticated local attacker to overwrite arbitrary files on the file system of an affected device. These vulnerabilities arise from inadequate access control measures applied to files stored on the local file system. By exploiting these vulnerabilities, an attacker could insert a symbolic link at a designated location, facilitating unauthorized file modifications. To execute this exploit, the attacker must possess a remote support user account. Notably, these vulnerabilities do not impact the Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices. Cisco has released updates to remediate these issues, and no viable workarounds are available.",Cisco,"Cisco Roomos Software,Cisco Telepresence Endpoint Software (tc/ce)",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T15:12:58.590Z,0
CVE-2023-20093,https://securityvulnerability.io/vulnerability/CVE-2023-20093,Arbitrary File Overwriting Vulnerabilities in Cisco TelePresence CE and RoomOS,"This security concern involves multiple vulnerabilities found within the Command-Line Interface (CLI) of Cisco TelePresence CE and RoomOS. These weaknesses stem from insufficient access control mechanisms that allow authenticated local attackers to place symbolic links in specific locations on the local file system. By exploiting these vulnerabilities, an attacker could overwrite arbitrary files, potentially compromising the integrity of the affected device. It is essential for users to be aware that to carry out such attacks, the attacker must possess a remote support user account. Relevant software updates from Cisco aim to mitigate these vulnerabilities, and currently, there are no viable workarounds.",Cisco,"Cisco Roomos Software,Cisco Telepresence Endpoint Software (tc/ce)",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T15:11:19.884Z,0
CVE-2023-20094,https://securityvulnerability.io/vulnerability/CVE-2023-20094,Unauthorized Access to Sensitive Information on Cisco Webex Desk Hub Devices,"A vulnerability exists within Cisco TelePresence CE and RoomOS that permits an unauthenticated, adjacent attacker to access sensitive information stored on affected devices. This issue arises from improper bounds checking in the software. By sending specially crafted requests to these devices, an attacker may exploit this vulnerability to execute an out-of-bounds read, potentially exposing confidential data. Currently, all affected users, particularly those utilizing the Cisco Webex Desk Hub, face significant risks with no available workarounds.",Cisco,"Cisco Roomos Software,Cisco Telepresence Endpoint Software (tc/ce)",4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-15T15:08:04.290Z,0
CVE-2023-20008,https://securityvulnerability.io/vulnerability/CVE-2023-20008,Local File Overwrite Vulnerability in Cisco TelePresence CE and RoomOS Software,"A local file overwrite vulnerability exists in the CLI of Cisco TelePresence CE and RoomOS Software. It arises due to inadequate access controls on files in the local file system. An authenticated attacker with local access can exploit this vulnerability by creating a symbolic link in a specific directory on the device's local file system. This exploit can lead to the unintended overwriting of arbitrary files, potentially compromising the integrity of the affected system.",Cisco,"Cisco RoomOS Software,Cisco TelePresence Endpoint Software (TC/CE)",7.1,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-01-20T07:15:00.000Z,0
CVE-2023-20002,https://securityvulnerability.io/vulnerability/CVE-2023-20002,Access Control Bypass in Cisco TelePresence and RoomOS Software,"A vulnerability in Cisco TelePresence CE and RoomOS Software allows an authenticated, local attacker to bypass access controls and perform server-side request forgery (SSRF) attacks. This issue arises from inadequate validation of user-supplied input, enabling attackers to send carefully crafted requests via the web application. Successful exploitation permits the attacker to send arbitrary network requests originating from the affected device, potentially compromising network security.",Cisco,"Cisco RoomOS Software,Cisco TelePresence Endpoint Software (TC/CE)",4.4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-01-20T07:15:00.000Z,0
CVE-2022-20953,https://securityvulnerability.io/vulnerability/CVE-2022-20953,Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities,"Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Roomos Software,5.5,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-08-03T03:15:49.000Z,,false,false,,2022-10-26T15:15:00.000Z,0
CVE-2022-20776,https://securityvulnerability.io/vulnerability/CVE-2022-20776,Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities,"Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Roomos Software,5.5,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-08-03T03:15:41.000Z,,false,false,,2022-10-26T15:15:00.000Z,0
CVE-2022-20811,https://securityvulnerability.io/vulnerability/CVE-2022-20811,Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities,"Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Roomos Software,5.5,MEDIUM,0.0008999999845400453,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-10-26T15:15:00.000Z,0
CVE-2022-20954,https://securityvulnerability.io/vulnerability/CVE-2022-20954,Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities,"Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Roomos Software,5.5,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-08-03T03:15:49.000Z,,false,false,,2022-10-26T15:15:00.000Z,0
CVE-2022-20955,https://securityvulnerability.io/vulnerability/CVE-2022-20955,Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities,"Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Roomos Software,5.5,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-08-03T03:15:49.000Z,,false,false,,2022-10-26T15:15:00.000Z,0
CVE-2022-20768,https://securityvulnerability.io/vulnerability/CVE-2022-20768,Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability,"A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials.",Cisco,Cisco Roomos Software,4.9,MEDIUM,0.00107999995816499,false,,false,false,true,2024-08-03T03:15:40.000Z,,false,false,,2022-07-06T00:00:00.000Z,0
CVE-2022-20794,https://securityvulnerability.io/vulnerability/CVE-2022-20794,Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities,"Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Roomos Software,6.5,MEDIUM,0.0012000000569969416,false,,false,false,true,2024-08-03T03:15:41.000Z,,false,false,,2022-05-04T00:00:00.000Z,0
CVE-2022-20764,https://securityvulnerability.io/vulnerability/CVE-2022-20764,Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities,"Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Roomos Software,6.5,MEDIUM,0.0018700000364333391,false,,false,false,true,2024-08-03T03:15:40.000Z,,false,false,,2022-05-04T00:00:00.000Z,0
CVE-2022-20783,https://securityvulnerability.io/vulnerability/CVE-2022-20783,Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability,"A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted H.323 traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to either reboot normally or reboot into maintenance mode, which could result in a DoS condition on the device.",Cisco,Cisco Roomos Software,7.5,HIGH,0.0015899999998509884,false,,false,false,true,2024-08-03T03:15:41.000Z,,false,false,,2022-04-21T19:15:00.000Z,0
CVE-2021-34758,https://securityvulnerability.io/vulnerability/CVE-2021-34758,Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability,"A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot.",Cisco,Cisco Roomos Software,4.4,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T02:15:22.000Z,,false,false,,2021-10-06T00:00:00.000Z,0