CVE-2020-3143 – Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2020-3143
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-3377
https://notcve.org/view.php?id=CVE-2013-3377
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743. Cisco TelePresence TC Software anterior a v5.1.7 y TE Software anterior a v4.1.3 permite a atacantes remotos causar una denegación de servicio (reinicio del dispositivo) mediante paquetes SIP especialmente diseñados, también conocido como Bug ID CSCue01743. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc • CWE-399: Resource Management Errors •
CVE-2011-2577 – Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-2577
Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500. Una vulnerabilidad no especificada en TelePresence C Series Endpoints de Cisco, unidades E/EX Personal Video, y MXP Series Codecs, cuando se utilizan las versiones de software anterior a versiones 4.0.0 o F9.1 del TC, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un paquete SIP diseñado al puerto 5060 o 5061, también se conoce como Bug ID CSCtq46500. Cisco TelePresensce Series suffers from client-side code execution, denial of service, cookie theft, loss of confidentiality, and impersonation vulnerabilities. • https://www.exploit-db.com/exploits/17871 http://securityreason.com/securityalert/8387 http://securityreason.com/securityalert/8389 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml http://www.exploit-db.com/exploits/17871 http://www.securityfocus.com/archive/1/519698/100/0/threaded http://www.securityfocus.com/bid/49392 http://www.securitytracker.com/id?1025994 https://exchange.xforce.ibmcloud.com/vulnerabilities/69513 •