A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote malicious user to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the malicious user to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco ex60_firmware - |
||
cisco ex90_firmware - |
||
cisco sx10_firmware - |
||
cisco sx20_firmware - |
||
cisco sx80_firmware - |
||
cisco telepresence_codec_c40_firmware - |
||
cisco telepresence_codec_c60_firmware - |
||
cisco telepresence_codec_c90_firmware - |
||
cisco telepresence_mx200_firmware - |
||
cisco telepresence_mx300_firmware - |
||
cisco telepresence_mx700_firmware - |
||
cisco telepresence_mx800_firmware - |
||
cisco webex_board_55_firmware - |
||
cisco webex_board_55s_firmware - |
||
cisco webex_board_70_firmware - |
||
cisco webex_board_70s_firmware - |
||
cisco webex_board_85s_firmware - |
||
cisco webex_dx70_firmware - |
||
cisco webex_dx80_firmware - |
||
cisco webex_room_55_firmware - |
||
cisco webex_room_70_firmware - |
Vulmon