A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Cisco
  • Ex60
  • Ex60 Firmware
  • Ex90
  • Ex90 Firmware
  • Sx10
  • Sx10 Firmware
  • Sx20
  • Sx20 Firmware
  • Sx80
  • Sx80 Firmware
  • Telepresence Codec C40
  • Telepresence Codec C40 Firmware
  • Telepresence Codec C60
  • Telepresence Codec C60 Firmware
  • Telepresence Codec C90
  • Telepresence Codec C90 Firmware
  • Telepresence Mx200
  • Telepresence Mx200 Firmware
  • Telepresence Mx300
  • Telepresence Mx300 Firmware
  • Telepresence Mx700
  • Telepresence Mx700 Firmware
  • Telepresence Mx800
  • Telepresence Mx800 Firmware
  • Webex Board 55
  • Webex Board 55 Firmware
  • Webex Board 55s
  • Webex Board 55s Firmware
  • Webex Board 70
  • Webex Board 70 Firmware
  • Webex Board 70s
  • Webex Board 70s Firmware
  • Webex Board 85s
  • Webex Board 85s Firmware
  • Webex Dx70
  • Webex Dx70 Firmware
  • Webex Dx80
  • Webex Dx80 Firmware
  • Webex Room 55
  • Webex Room 55 Firmware
  • Webex Room 70
  • Webex Room 70 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:cisco:ex60_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ex60:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:cisco:ex90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ex90:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:cisco:sx10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:sx10:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:cisco:sx20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:sx20:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:cisco:sx80_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:sx80:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:cisco:telepresence_mx200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_mx200:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:cisco:telepresence_mx300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_mx300:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:cisco:telepresence_mx700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_mx700:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:cisco:telepresence_mx800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_mx800:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:cisco:webex_board_55_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:webex_board_55:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:cisco:webex_board_55s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:webex_board_55s:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:cisco:webex_board_70_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:webex_board_70:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:cisco:webex_board_70s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:webex_board_70s:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:cisco:webex_board_85s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:webex_board_85s:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:cisco:webex_dx70_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:webex_dx70:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:cisco:webex_dx80_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:webex_dx80:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:cisco:webex_room_55_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:webex_room_55:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:cisco:webex_room_70_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:webex_room_70:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ cve-icon cve-icon
History

Wed, 13 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-09-23T00:25:21.647542Z

Updated: 2024-11-13T18:06:58.585Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3143

cve-icon Vulnrichment

Updated: 2024-08-04T07:24:00.620Z

cve-icon NVD

Status : Modified

Published: 2020-09-23T01:15:15.410

Modified: 2024-11-21T05:30:24.860

Link: CVE-2020-3143

cve-icon Redhat

No data.