mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-01 03:01:36 +00:00
332 lines
13 KiB
JSON
332 lines
13 KiB
JSON
{
|
|
"id": "CVE-2023-20002",
|
|
"sourceIdentifier": "psirt@cisco.com",
|
|
"published": "2023-01-20T07:15:12.450",
|
|
"lastModified": "2024-11-21T07:40:19.027",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad en Cisco TelePresence CE y el software RoomOS podr\u00eda permitir que un atacante local autenticado evite los controles de acceso y realice un ataque SSRF a trav\u00e9s de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n inadecuada de la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud manipulada a un usuario de la aplicaci\u00f3n web. Un exploit exitoso podr\u00eda permitir al atacante enviar solicitudes de red arbitrarias provenientes del sistema afectado."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "psirt@cisco.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
|
|
"baseScore": 4.4,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 2.5
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
|
|
"baseScore": 4.4,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 2.5
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "psirt@cisco.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-918"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-918"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:roomos:10.3.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4D83C41B-DD92-4B31-B2B3-BD831B908E22"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:roomos:10.3.4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "83093692-59FB-4C24-AF96-A76DFADD37C1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:roomos:10.8.2.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CA3E919D-0686-4680-882C-7EB636EC1089"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:roomos:10.8.4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AA427278-651C-47AB-996E-3B0BD307E34F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:roomos:10.11.3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "293FE8EE-2C4E-4EA2-BBC7-680C08F45E11"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:roomos:10.11.5.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "23A27105-A41F-4814-BCA9-2DE3D1505D73"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:roomos:10.15.3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EB29E8E8-74BD-430E-A12E-E91E27FF81A2"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9840947F-758C-4A97-B9D2-A9F1B414D6FA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2DDF553F-4945-43EB-9D87-2AD8464EE7BC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6C672A9A-3AD3-44B3-B8BE-1EA3A5AE9D2E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E22AE6C0-3FDE-435E-BA25-2664A2B9758C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4F2E8E40-3B18-49A6-B78C-472B5D55039D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "67604778-41A3-4519-B526-4807EBD8E61F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1F781A5E-C38E-4BE3-9F47-8B0392E6DEF0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "479C49D0-5279-4054-8440-9683624AC057"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B42E4172-2723-426D-AE73-453C74961885"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4C4770CB-A207-4D72-9EC0-2B6AEE9EC54E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F248A6D4-23C6-4D6D-B972-D6F9E711B61F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0559D1BB-51A9-4285-A845-ECB6A6B7D678"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C1ED50F6-B01C-4003-A797-109DA9A631FA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AD3C7127-EE08-4212-92DF-C8D568F2A453"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A4F86038-E6D2-4F6F-B768-68525833FD8E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2C931235-9560-4186-A339-167DAB5B7E15"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ABCAF219-6E5E-42BB-9892-B17D99634518"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0BA1A42D-D874-4DD4-BB08-AFFEE4EAD015"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B1785B2F-B319-403F-A106-9137B9D140BE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C73AE384-CF1A-4D57-8E95-4E2D5DFB1E04"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0FB34F64-D33A-4C32-9D18-5CAF45CB1933"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0C05E7CB-5ABF-4F61-B6B8-03F46B91FBF9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "906C8212-DD6A-4485-8629-EBEFC727C70D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "758679DD-D282-4FDC-9D46-BF698660C789"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F6F63CDD-D2B6-4FED-9C93-63AD60882EAB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A529A0C7-CCE3-4994-B412-0BEC7B4D2E9B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EE5CFE99-B3DB-429E-AEBA-3F863E29EDF5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "37AEF4D9-06A3-4A15-B310-F3F2896B0992"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "659220C8-4391-40C9-8047-8F761ECC58C1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "71A16E86-C21B-42B6-88A9-AF3CF0957C3E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "43DC02FB-1308-4505-BB12-BDBA971B48E6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EF3A23C7-7BB6-4A18-AFCF-47F508FA3561"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3800DAF9-E42F-474C-8C9C-F8A5934148D3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "310C0A56-6523-42EB-8BF2-4C13969D057E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F349CFD5-D70F-426C-B670-156FD558E50F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK",
|
|
"source": "psirt@cisco.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |