Unrated severityNVD Advisory· Published Nov 15, 2024· Updated Nov 15, 2024

Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability

CVE-2023-20094

Description

A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device.

This vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information. Note: This vulnerability only affects Cisco Webex Desk Hub. There are no workarounds that address this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Cisco Systems, Inc./Webex Desk Hubllm-create
Cisco Systems, Inc./RoomOS Softwarecpe-rescue
Range: N/A
Cisco Systems, Inc./TelePresence Collaboration Endpoint (CE) Softwarecpe-rescue
Range: N/A

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKfmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000