A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to insufficient path validation of command arguments. An attacker could exploit this vulnerability by sending a crafted command request to the xAPI. A successful exploit could allow the attacker to read the contents of any file that is located on the device filesystem.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2021-05-06T12:51:29.224987Z
Updated: 2024-09-16T19:14:12.564Z
Reserved: 2020-11-13T00:00:00
Link: CVE-2021-1532
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-05-06T13:15:11.130
Modified: 2023-11-07T03:28:33.253
Link: CVE-2021-1532
Redhat
No data.