Cisco TelePresence Collaboration Endpoint/RoomOS path traversal
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.5 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Cisco TelePresence Collaboration Endpoint and RoomOS and classified as critical. This vulnerability affects unknown code. Performing a manipulation results in an unknown weakness. This vulnerability is known as CVE-2023-20090. Attacking locally is a requirement. No exploit is available. The affected component should be upgraded.
Details
A vulnerability classified as critical has been found in Cisco TelePresence Collaboration Endpoint and RoomOS (Unified Communication Software) (the affected version unknown). CWE is classifying the issue as CWE-27. The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequences that can resolve to a location that is outside of that directory. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
The weakness was published 04/19/2023 as cisco-sa-roomos-file-write-rHKwegKf. The advisory is shared at sec.cloudapps.cisco.com. This vulnerability is uniquely identified as CVE-2023-20090. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1006 for this issue.
Upgrading eliminates this vulnerability.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.7VulDB Meta Temp Score: 6.6
VulDB Base Score: 6.7
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 6.7
CNA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Path traversalCWE: CWE-27 / CWE-23 / CWE-22
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
04/19/2023 🔍04/19/2023 🔍
07/30/2025 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-roomos-file-write-rHKwegKf
Status: Confirmed
CVE: CVE-2023-20090 (🔍)
GCVE (CVE): GCVE-0-2023-20090
GCVE (VulDB): GCVE-100-226845
Entry
Created: 04/19/2023 21:27Updated: 07/30/2025 20:32
Changes: 04/19/2023 21:27 (35), 07/30/2025 20:32 (27)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.