Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2022-20931 A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control.
low complexity
CWE-527
6.5
6.5
2024-11-15 CVE-2022-20939 A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information.
network
low complexity
CWE-922
4.3
4.3
2024-11-15 CVE-2022-20948 A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation.
network
low complexity
CWE-79
5.4
5.4
2024-11-15 CVE-2023-20004 Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system.
local
low complexity
CWE-59
4.4
4.4
2024-11-15 CVE-2023-20036 A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack.
network
low complexity
CWE-78
critical
 9.9
9.9
2024-11-15 CVE-2023-20060 A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
CWE-79
6.1
6.1
2024-11-15 CVE-2023-20090 A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands.
local
low complexity
CWE-27
6.7
6.7
2024-11-15 CVE-2023-20091 A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system.
local
low complexity
CWE-61
5.1
5.1
2024-11-15 CVE-2023-20092 Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system.
local
low complexity
 4.4
4.4
2024-11-15 CVE-2023-20093 Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system.
local
low complexity
CWE-61
4.4
4.4