Headline
CVE-2022-20776: Cisco Security Advisory: Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.
Details about the vulnerabilities are as follows:
CVE-2022-20811: Cisco TelePresence CE and RoomOS Software Path Traversal Vulnerability
A vulnerability in the video endpoint xAPI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the device and escalate privileges from admin to root. To exploit this vulnerability, an attacker would need to have an Administrator account.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCwb29733
CVE ID: CVE-2022-20811
Security Impact Rating (SIR): Medium
CVSS Base Score: 5.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:NCVE-2022-20776: Cisco TelePresence CE and RoomOS Software Path Traversal Vulnerability
A vulnerability in the video endpoint xAPI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to conduct directory traversal attacks on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system and escalate privileges from admin to root. To exploit this vulnerability, an attacker would need to have an Administrator account.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCwc21962
CVE ID: CVE-2022-20776
Security Impact Rating (SIR): Medium
CVSS Base Score: 5.1
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:NCVE-2022-20953: Cisco TelePresence CE and RoomOS Software Information Disclosure Vulnerability
A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to view sensitive information on an affected device.
This vulnerability exists because excessive permissions have been assigned to system commands. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to monitor keystrokes of a USB keyboard that is attached to the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCwc47215
CVE ID: CVE-2022-20953
Security Impact Rating (SIR): Medium
CVSS Base Score: 5.0
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NCVE-2022-20954: Cisco TelePresence CE and RoomOS Software Arbitrary File Write Vulnerability
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system.
This vulnerability is due to improper access controls on files that are within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCwc47220
CVE ID: CVE-2022-20954
Security Impact Rating (SIR): Medium
CVSS Base Score: 4.4
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NCVE-2022-20955: Cisco TelePresence CE and RoomOS Software Arbitrary File Write Vulnerability
A vulnerability in the Cisco TelePresence CE and RoomOS Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system.
This vulnerability is due to improper access controls on files that are within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCwc47228
CVE ID: CVE-2022-20955
Security Impact Rating (SIR): Medium
CVSS Base Score: 4.4
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N