HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2020-3143

CVSS 7.2v3.1pub. 2020-09-23upd. 2024-11-21

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Cisco Ex60

    HW
    Cisco
    wszystkie wersje
  • Cisco Ex60 Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Ex90

    HW
    Cisco
    wszystkie wersje
  • Cisco Ex90 Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Sx10

    HW
    Cisco
    wszystkie wersje
  • Cisco Sx10 Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Sx20

    HW
    Cisco
    wszystkie wersje
  • Cisco Sx20 Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Sx80

    HW
    Cisco
    wszystkie wersje
  • Cisco Sx80 Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Telepresence Codec C40

    HW
    Cisco
    wszystkie wersje
  • Cisco Telepresence Codec C40 Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Telepresence Codec C60

    HW
    Cisco
    wszystkie wersje
  • Cisco Telepresence Codec C60 Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Telepresence Codec C90

    HW
    Cisco
    wszystkie wersje
  • Cisco Telepresence Codec C90 Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Telepresence Mx200

    HW
    Cisco
    wszystkie wersje
  • Cisco Telepresence Mx200 Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Telepresence Mx300

    HW
    Cisco
    wszystkie wersje
  • Cisco Telepresence Mx300 Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Telepresence Mx700

    HW
    Cisco
    wszystkie wersje
  • Cisco Telepresence Mx700 Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Telepresence Mx800

    HW
    Cisco
    wszystkie wersje
  • Cisco Telepresence Mx800 Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Webex Board 55

    HW
    Cisco
    wszystkie wersje
  • Cisco Webex Board 55 Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Webex Board 55s

    HW
    Cisco
    wszystkie wersje
  • Cisco Webex Board 55s Firmware

    OS
    Cisco
    wszystkie wersje
  • Cisco Webex Board 70

    HW
    Cisco
    wszystkie wersje
  • Cisco Webex Board 70 Firmware

    OS
    Cisco
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2019-15289HIGH7.5ten sam produkt

Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco Room...

CVE-2020-3155HIGH7.4ten sam produkt

A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthent...

CVE-2013-3377HIGH7.8ten sam produkt

Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a den...

CVE-2011-2543HIGH9.0ten sam produkt

Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allo...

CVE-2011-2577HIGH7.8ten sam produkt

Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series ...