Cisco TelePresence CE Multiple Vulnerabilities (cisco-sa-roomos-trav-beFvCcyu)

high Nessus Plugin ID 166376

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco TelePresence Collaboration Endpoint Software is affected by multiple vulnerabilities:

- A vulnerability in Cisco TelePresence CE could allow an authenticated, local attacker to view sensitive information on an affected device. This vulnerability exists because excessive permissions have been assigned to system commands. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to monitor keystrokes of a USB keyboard that is attached to the affected device. (CVE-2022-20953)

- A vulnerability in the CLI of Cisco TelePresence CE could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files that are within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. (CVE-2022-20954)

- A vulnerability in the Cisco TelePresence CE could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files that are within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device. (CVE-2022-20955)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwc47215, CSCwc47220 and CSCwc47228

See Also

http://www.nessus.org/u?bacc02de

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc47215

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc47220

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc47228

Plugin Details

Severity: High

ID: 166376

File Name: cisco-sa-roomos-trav-beFvCcyu.nasl

Version: 1.6

Type: remote

Family: CISCO

Published: 10/21/2022

Updated: 5/2/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:C

CVSS Score Source: CVE-2022-20955

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:telepresence_collaboration_endpoint

Required KB Items: Cisco/TelePresence_MCU/Device, Cisco/TelePresence_MCU/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/19/2022

Vulnerability Publication Date: 10/19/2022

Reference Information

CVE: CVE-2022-20953, CVE-2022-20954, CVE-2022-20955

CISCO-SA: cisco-sa-roomos-trav-beFvCcyu

IAVA: 2022-A-0439-S

CISCO-BUG-ID: CSCwc47215, CSCwc47220, CSCwc47228