CVE-2023-20008

HIGH Year: 2023
CVSS v3 Score
7.1
High
Weakness Type
CWE-59
View all →

Vulnerability Description

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.

Related Vulnerabilities

CVE-2003-0844

HIGH
CVSS:7.1(High)

mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on pre...

CWE-592003

CVE-2004-0689

HIGH
CVSS:7.1(High)

KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

CWE-592004

CVE-2010-2064

HIGH
CVSS:7.1(High)

rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.

CWE-592010

CVE-2011-3351

HIGH
CVSS:7.1(High)

openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw...

CWE-592011

CVE-2011-3632

HIGH
CVSS:7.1(High)

Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.

CWE-592011

CVE-2013-0159

HIGH
CVSS:7.1(High)

The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlin...

CWE-592013