SSRF in Cisco Roomos Software
CVE-2023-20002
A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.001 (19.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.
Affected products
- Cisco Roomos Software — versions RoomOS 10.3.2.0, RoomOS 10.3.4.0, RoomOS 10.8.2.5
- Cisco Telepresence Endpoint Software (Tc/ce) — versions CE9.0.1, CE9.1.1, CE9.1.2
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2023-20002?
- CVE-2023-20002 is a medium-severity vulnerability in Cisco Roomos Software, classified under Server-Side Request Forgery (SSRF). CVSS score: 4.4/10. Published 2023-01-19.
- How severe is CVE-2023-20002?
- Medium severity. CVSS v3 base score is 4.4 out of 10.