← Back

CVE-2020-3143

nvd nist
Published: Sep 23, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.

Affected (21)

Cisco
21 products
Ex60 Firmware
Ex90 Firmware
Sx10 Firmware
Sx20 Firmware
Sx80 Firmware
Telepresence Codec C40 Firmware
Telepresence Codec C60 Firmware
Telepresence Codec C90 Firmware
Telepresence Mx200 Firmware
Telepresence Mx300 Firmware
Telepresence Mx700 Firmware
Telepresence Mx800 Firmware
Webex Board 55 Firmware
Webex Board 55s Firmware
Webex Board 70 Firmware
Webex Board 70s Firmware
Webex Board 85s Firmware
Webex Dx70 Firmware
Webex Dx80 Firmware
Webex Room 55 Firmware
Webex Room 70 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ex60 Firmware
All versions
Running on/withPlatform Versions
Cisco
Ex60
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ex90 Firmware
All versions
Running on/withPlatform Versions
Cisco
Ex90
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sx10 Firmware
All versions
Running on/withPlatform Versions
Cisco
Sx10
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sx20 Firmware
All versions
Running on/withPlatform Versions
Cisco
Sx20
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sx80 Firmware
All versions
Running on/withPlatform Versions
Cisco
Sx80
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Telepresence Codec C40 Firmware
All versions
Running on/withPlatform Versions
Cisco
Telepresence Codec C40
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Telepresence Codec C60 Firmware
All versions
Running on/withPlatform Versions
Cisco
Telepresence Codec C60
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Telepresence Codec C90 Firmware
All versions
Running on/withPlatform Versions
Cisco
Telepresence Codec C90
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Telepresence Mx200 Firmware
All versions
Running on/withPlatform Versions
Cisco
Telepresence Mx200
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Telepresence Mx300 Firmware
All versions
Running on/withPlatform Versions
Cisco
Telepresence Mx300
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Telepresence Mx700 Firmware
All versions
Running on/withPlatform Versions
Cisco
Telepresence Mx700
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Telepresence Mx800 Firmware
All versions
Running on/withPlatform Versions
Cisco
Telepresence Mx800
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Webex Board 55 Firmware
All versions
Running on/withPlatform Versions
Cisco
Webex Board 55
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Webex Board 55s Firmware
All versions
Running on/withPlatform Versions
Cisco
Webex Board 55s
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Webex Board 70 Firmware
All versions
Running on/withPlatform Versions
Cisco
Webex Board 70
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Webex Board 70s Firmware
All versions
Running on/withPlatform Versions
Cisco
Webex Board 70s
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Webex Board 85s Firmware
All versions
Running on/withPlatform Versions
Cisco
Webex Board 85s
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Webex Dx70 Firmware
All versions
Running on/withPlatform Versions
Cisco
Webex Dx70
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Webex Dx80 Firmware
All versions
Running on/withPlatform Versions
Cisco
Webex Dx80
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Webex Room 55 Firmware
All versions
Running on/withPlatform Versions
Cisco
Webex Room 55
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Webex Room 70 Firmware
All versions
Running on/withPlatform Versions
Cisco
Webex Room 70
All versions

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.