CVE-2023-20002

MEDIUM

Cisco TelePresence CE - Auth Bypass

Title source: llm

Description

A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system.

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK

Scores

CVSS v3 4.4

EPSS 0.0006

EPSS Percentile 18.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-918

Status published

Products (42)

cisco/roomos 10.3.2.0

cisco/roomos 10.3.4.0

cisco/roomos 10.8.2.5

cisco/roomos 10.8.4.0

cisco/roomos 10.11.3.0

cisco/roomos 10.11.5.2

cisco/roomos 10.15.3.0

cisco/telepresence_collaboration_endpoint 8.1.1

cisco/telepresence_collaboration_endpoint 8.3.0

cisco/telepresence_collaboration_endpoint 8.3.5

... and 32 more

Published Jan 20, 2023

Tracked Since Feb 18, 2026