How severe is CVE-2023-20004?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2023-20004?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2023-20004

MEDIUM Year: 2023

CVSS v3 Score

4.4

Medium

Weakness Type

CWE-59

View all →

Vulnerability Description

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account. Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

CVE-2018-1063

MEDIUM

CVSS:4.4(Medium)

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restri...

CWE-592018

CVE-2019-11230

MEDIUM

CVSS:4.4(Medium)

In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to wr...

CWE-592019

CVE-2020-15401

MEDIUM

CVSS:4.4(Medium)

IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link.

CWE-592020

CVE-2020-3835

MEDIUM

CVSS:4.4(Medium)

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be abl...

CWE-592020

CVE-2022-20103

MEDIUM

CVSS:4.4(Medium)

In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is n...

CWE-592022

CVE-2022-26456

MEDIUM

CVSS:4.4(Medium)

In vow, there is a possible information disclosure due to a symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not ne...

CWE-592022

CVE-2023-20004

Vulnerability Description

Related Vulnerabilities

CVE-2018-1063

CVE-2019-11230

CVE-2020-15401

CVE-2020-3835

CVE-2022-20103

CVE-2022-26456