CVE CyberSecurity Database News

CVE-2023-20091 - Critical Vulnerability in Cisco TelePresence CE and RoomOS CLI Allows Local File Overwrite

Poster -

A critical vulnerability has been discovered in the Command Line Interface (CLI) of Cisco TelePresence CE and RoomOS that could potentially allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. The vulnerability is attributed to improper access control implementation on files present in the local file system. To exploit this vulnerability, an attacker would need to possess a remote support user account.

In this post, we will discuss the details of this vulnerability, its potential impact, and the fixes that have been released by Cisco to address the issue.

Vulnerability Details (CVE-2023-20091)

This vulnerability exists due to improper access controls on the local file system files of Cisco TelePresence CE and RoomOS devices. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. Upon a successful exploit, the attacker can overwrite arbitrary files on the device, potentially leading to severe consequences.

The following code snippet demonstrates the exploitation of this vulnerability

# Establish a connection to the affected device as a remote support user
ssh remote_support_user@<device_ip>

# Access the vulnerable CLI
enter_vulnerable_cli

# Place a symbolic link in the specific location on the local file system
ln -s /path/to/target/file /path/to/specific/location

# Overwrite the target file via the symbolic link
overwrite_file /path/to/specific/location

Original References

- Cisco Security Advisory: CUSTOM_URL
- National Vulnerability Database: CUSTOM_URL

Solution and Mitigation

Cisco has released software updates addressing this vulnerability, and it is highly recommended that users of the affected devices apply these updates as soon as possible. The updates can be downloaded from the following links:
- Cisco TelePresence CE: CUSTOM_URL
- Cisco RoomOS: CUSTOM_URL

There are no workarounds available for this vulnerability, and applying the released software updates is the only effective mitigation.

Conclusion

The CVE-2023-20091 vulnerability in the CLI of Cisco TelePresence CE and RoomOS presents a critical risk and should be addressed by applying the released software updates immediately. Users should remain vigilant and monitor their devices for any signs of suspicious activity.

Timeline

Published on: 11/15/2024 16:15:25 UTC