9
CVSSv2

CVE-2020-3143

Published: 23/09/2020 Updated: 05/10/2020
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote malicious user to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the malicious user to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco ex60_firmware -

cisco ex90_firmware -

cisco sx10_firmware -

cisco sx20_firmware -

cisco sx80_firmware -

cisco telepresence_codec_c40_firmware -

cisco telepresence_codec_c60_firmware -

cisco telepresence_codec_c90_firmware -

cisco telepresence_mx200_firmware -

cisco telepresence_mx300_firmware -

cisco telepresence_mx700_firmware -

cisco telepresence_mx800_firmware -

cisco webex_board_55_firmware -

cisco webex_board_55s_firmware -

cisco webex_board_70_firmware -

cisco webex_board_70s_firmware -

cisco webex_board_85s_firmware -

cisco webex_dx70_firmware -

cisco webex_dx80_firmware -

cisco webex_room_55_firmware -

cisco webex_room_70_firmware -

Vendor Advisories

[CVE-2020-3143_su] A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device The vulnerability is due to insufficient vali ...