CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20953 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20953
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en el software Cisco TelePresence Collaboration Endpoint (CE) y en el software Cisco RoomOS podrían permitir a un atacante conducir ataques de salto de ruta, visualizar datos confidenciales o escribir archivos arbitrarios en un dispositivo afectado. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20811 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20811
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en el software Cisco TelePresence Collaboration Endpoint (CE) y en el software Cisco RoomOS podrían permitir a un atacante conducir ataques de salto de rutas, visualizar datos confidenciales o escribir archivos arbitrarios en un dispositivo afectado. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20768 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-20768
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-infodisc-YOTz9Ct7 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20794 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20794
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el motor web del software Cisco TelePresence Collaboration Endpoint (CE) y del software Cisco RoomOS podrían permitir a un atacante remoto causar una condición de denegación de servicio (DoS), visualizar datos confidenciales en un dispositivo afectado o redirigir a usuarios a un destino controlado por el atacante. Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ROS-DOS-X7H7XhkK • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20764 – Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20764
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el motor web del software Cisco TelePresence Collaboration Endpoint (CE) y del software Cisco RoomOS podrían permitir a un atacante remoto causar una condición de denegación de servicio (DoS), visualizar datos confidenciales en un dispositivo afectado o redirigir a usuarios a un destino controlado por el atacante. Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ROS-DOS-X7H7XhkK • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •