CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20776 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20776
26 Oct 2022 — Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en el software Cisco TelePresence Collaboration Endpoint (CE) y en el software Cisco RoomOS podrían permitir a un atacante conducir ataques de salto de rutas,... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20811 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20811
26 Oct 2022 — Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en el software Cisco TelePresence Collaboration Endpoint (CE) y en el software Cisco RoomOS podrían permitir a un atacante conducir ataques de salto de rutas,... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20794 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20794
04 May 2022 — Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el motor web del software Cisco TelePresence Collaboration Endpoint (CE) y del softwar... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ROS-DOS-X7H7XhkK • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20764 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20764
04 May 2022 — Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el motor web del software Cisco TelePresence Collaboration Endpoint (CE) y del softwar... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ROS-DOS-X7H7XhkK • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20783 – Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20783
21 Apr 2022 — A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted H.323 traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to either reboot nor... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ce-roomos-dos-c65x2Qf2 • CWE-20: Improper Input Validation CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34758 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34758
06 Oct 2021 — A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the dev... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1532 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2021-1532
06 May 2021 — A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to insufficient path validation of command arguments. An attacker could exploit this vulnerability by sending a crafted command request to the xAPI. A successful exploit could allow the attacker to read the contents of any file that is located ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-rmos-fileread-pE9sL3g • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-15288 – Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-15288
26 Nov 2019 — A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted us... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telepres-roomos-privesc • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15967 – Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability
https://notcve.org/view.php?id=CVE-2019-15967
26 Nov 2019 — A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit this vulnerability by gaining unrestricted access to the restricted shell and using the specific debug commands. A successful exploit could allow the attacker to enable the microphone of an affected device to record... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telece-ros-eve • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-12622 – Cisco RoomOS Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-12622
21 Aug 2019 — A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc • CWE-275: Permission Issues •