CVE-2023-20092: Three Vulnerabilities in Cisco TelePresence CE and RoomOS CLI Allow Authenticated Local Attackers to Overwrite Arbitrary Files

Recently, three vulnerabilities (CVE-2023-20092) were discovered in the command line interface (CLI) of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS software. These vulnerabilities could potentially allow an authenticated local attacker to overwrite arbitrary files on the local file system of an affected device.

These vulnerabilities stem from improper access controls on files that are stored on the local file system. An attacker could exploit them by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the targeted device. However, to exploit these vulnerabilities, the attacker would need to have a remote support user account.

Notably, CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.

Cisco has already released software updates that address these vulnerabilities, and there are no workarounds that address them.

A sample symbolic link creation can be illustrated in a Linux shell as follows

ln -s /path/to/target/file /path/to/specific/location

Where

- /path/to/target/file is the path to the file that the attacker wants to overwrite.
- /path/to/specific/location is the specific location where the attacker wants to place the symbolic link on the local file system of an affected device.

Exploit Details

The three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could be exploited by placing a symbolic link in a specific location on the local file system of an affected device. The main objective of the attacker would be to overwrite arbitrary files on the targeted device, potentially gaining unauthorized access or causing a denial of service.

Original References

Cisco has published detailed information about these vulnerabilities, including affected products, software updates, and workarounds in their advisory:

- Cisco TelePresence Collaboration Endpoint and RoomOS Software Command Injection Vulnerability: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twc-cmdinj-RtSdRFjF

As a user of Cisco TelePresence CE or RoomOS devices, it's crucial to stay informed about potential vulnerabilities and software updates. We highly recommend reviewing the information provided by Cisco in its advisory and applying the necessary software updates to mitigate risk and protect your devices from potential exploitation.

Timeline

Published on: 11/15/2024 16:15:25 UTC
Last modified on: 11/18/2024 17:11:56 UTC