// For flags

CVE-2020-3143

Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability

Severity Score

7.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.

Una vulnerabilidad en la API del endpoint de video (xAPI) de Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, y Cisco RoomOS Software, podría permitir a un atacante remoto autenticado conducir ataques de salto de directorio en un dispositivo afectado. La vulnerabilidad es debido a una comprobación insuficiente de la entrada suministrada por el usuario para la xAPI del software afectado. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición diseñada hacia la xAPI. Una explotación con éxito podría permitir al atacante leer y escribir archivos arbitrarios en el sistema. Para explotar esta vulnerabilidad, un atacante podría necesitar un In-Room Control o una cuenta de administrador

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-12-12 CVE Reserved
  • 2020-09-23 CVE Published
  • 2024-02-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Ex60 Firmware
Search vendor "Cisco" for product "Ex60 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Ex60
Search vendor "Cisco" for product "Ex60"
--
Safe
Cisco
Search vendor "Cisco"
Ex90 Firmware
Search vendor "Cisco" for product "Ex90 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Ex90
Search vendor "Cisco" for product "Ex90"
--
Safe
Cisco
Search vendor "Cisco"
Sx10 Firmware
Search vendor "Cisco" for product "Sx10 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Sx10
Search vendor "Cisco" for product "Sx10"
--
Safe
Cisco
Search vendor "Cisco"
Sx20 Firmware
Search vendor "Cisco" for product "Sx20 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Sx20
Search vendor "Cisco" for product "Sx20"
--
Safe
Cisco
Search vendor "Cisco"
Sx80 Firmware
Search vendor "Cisco" for product "Sx80 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Sx80
Search vendor "Cisco" for product "Sx80"
--
Safe
Cisco
Search vendor "Cisco"
Telepresence Codec C40 Firmware
Search vendor "Cisco" for product "Telepresence Codec C40 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Telepresence Codec C40
Search vendor "Cisco" for product "Telepresence Codec C40"
--
Safe
Cisco
Search vendor "Cisco"
Telepresence Codec C60 Firmware
Search vendor "Cisco" for product "Telepresence Codec C60 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Telepresence Codec C60
Search vendor "Cisco" for product "Telepresence Codec C60"
--
Safe
Cisco
Search vendor "Cisco"
Telepresence Codec C90 Firmware
Search vendor "Cisco" for product "Telepresence Codec C90 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Telepresence Codec C90
Search vendor "Cisco" for product "Telepresence Codec C90"
--
Safe
Cisco
Search vendor "Cisco"
Telepresence Mx200 Firmware
Search vendor "Cisco" for product "Telepresence Mx200 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Telepresence Mx200
Search vendor "Cisco" for product "Telepresence Mx200"
--
Safe
Cisco
Search vendor "Cisco"
Telepresence Mx300 Firmware
Search vendor "Cisco" for product "Telepresence Mx300 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Telepresence Mx300
Search vendor "Cisco" for product "Telepresence Mx300"
--
Safe
Cisco
Search vendor "Cisco"
Telepresence Mx700 Firmware
Search vendor "Cisco" for product "Telepresence Mx700 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Telepresence Mx700
Search vendor "Cisco" for product "Telepresence Mx700"
--
Safe
Cisco
Search vendor "Cisco"
Telepresence Mx800 Firmware
Search vendor "Cisco" for product "Telepresence Mx800 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Telepresence Mx800
Search vendor "Cisco" for product "Telepresence Mx800"
--
Safe
Cisco
Search vendor "Cisco"
Webex Board 55 Firmware
Search vendor "Cisco" for product "Webex Board 55 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Webex Board 55
Search vendor "Cisco" for product "Webex Board 55"
--
Safe
Cisco
Search vendor "Cisco"
Webex Board 55s Firmware
Search vendor "Cisco" for product "Webex Board 55s Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Webex Board 55s
Search vendor "Cisco" for product "Webex Board 55s"
--
Safe
Cisco
Search vendor "Cisco"
Webex Board 70 Firmware
Search vendor "Cisco" for product "Webex Board 70 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Webex Board 70
Search vendor "Cisco" for product "Webex Board 70"
--
Safe
Cisco
Search vendor "Cisco"
Webex Board 70s Firmware
Search vendor "Cisco" for product "Webex Board 70s Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Webex Board 70s
Search vendor "Cisco" for product "Webex Board 70s"
--
Safe
Cisco
Search vendor "Cisco"
Webex Board 85s Firmware
Search vendor "Cisco" for product "Webex Board 85s Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Webex Board 85s
Search vendor "Cisco" for product "Webex Board 85s"
--
Safe
Cisco
Search vendor "Cisco"
Webex Dx70 Firmware
Search vendor "Cisco" for product "Webex Dx70 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Webex Dx70
Search vendor "Cisco" for product "Webex Dx70"
--
Safe
Cisco
Search vendor "Cisco"
Webex Dx80 Firmware
Search vendor "Cisco" for product "Webex Dx80 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Webex Dx80
Search vendor "Cisco" for product "Webex Dx80"
--
Safe
Cisco
Search vendor "Cisco"
Webex Room 55 Firmware
Search vendor "Cisco" for product "Webex Room 55 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Webex Room 55
Search vendor "Cisco" for product "Webex Room 55"
--
Safe
Cisco
Search vendor "Cisco"
Webex Room 70 Firmware
Search vendor "Cisco" for product "Webex Room 70 Firmware"
--
Affected
in Cisco
Search vendor "Cisco"
Webex Room 70
Search vendor "Cisco" for product "Webex Room 70"
--
Safe