Vulnerabilities > CVE-2023-20002 - Server-Side Request Forgery (SSRF) vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

local

low complexity

cisco

CWE-918

NVD

Published: 2023-01-20

Updated: 2024-01-25

Summary

A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Roomos 10.3.2.0 Cisco Roomos 10.3.4.0 Cisco Roomos 10.8.2.5 Cisco Roomos 10.11.5.2 Cisco Roomos 10.8.4.0 Cisco Roomos 10.11.3.0 Cisco Roomos 10.15.3.0	7
Application	Cisco Cisco Telepresence Collaboration Endpoint 8.1.1 Cisco Telepresence Collaboration Endpoint 8.3.0 Cisco Telepresence Collaboration Endpoint 8.3.5 Cisco Telepresence Collaboration Endpoint 9.0.1 Cisco Telepresence Collaboration Endpoint 9.1.1 Cisco Telepresence Collaboration Endpoint 9.1.2 Cisco Telepresence Collaboration Endpoint 9.1.3 Cisco Telepresence Collaboration Endpoint 9.1.4 Cisco Telepresence Collaboration Endpoint 9.1.5 Cisco Telepresence Collaboration Endpoint 9.1.6 Cisco Telepresence Collaboration Endpoint 9.10.1 Cisco Telepresence Collaboration Endpoint 9.10.2 Cisco Telepresence Collaboration Endpoint 9.10.3 Cisco Telepresence Collaboration Endpoint 9.12.4 Cisco Telepresence Collaboration Endpoint 9.12.5 Cisco Telepresence Collaboration Endpoint 9.12.3 Cisco Telepresence Collaboration Endpoint 9.13.0 Cisco Telepresence Collaboration Endpoint 9.13.1 Cisco Telepresence Collaboration Endpoint 9.13.3 Cisco Telepresence Collaboration Endpoint 9.13.2 Cisco Telepresence Collaboration Endpoint 9.2.1 Cisco Telepresence Collaboration Endpoint 9.2.2 Cisco Telepresence Collaboration Endpoint 9.2.3 Cisco Telepresence Collaboration Endpoint 9.2.4 Cisco Telepresence Collaboration Endpoint 9.9.3 Cisco Telepresence Collaboration Endpoint 9.9.4 Cisco Telepresence Collaboration Endpoint 9.14.3 Cisco Telepresence Collaboration Endpoint 9.14.5 Cisco Telepresence Collaboration Endpoint 9.14.4 Cisco Telepresence Collaboration Endpoint 9.14.6 Cisco Telepresence Collaboration Endpoint 9.15.0.11 Cisco Telepresence Collaboration Endpoint 9.15.0.10 Cisco Telepresence Collaboration Endpoint 9.15.10.8 Cisco Telepresence Collaboration Endpoint 9.15.3.26 Cisco Telepresence Collaboration Endpoint 9.15.3.25	35

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK