CVE-2020-3143

Severity CVSS v4.0:

Pending analysis

Type:

CWE-22 Path Traversal

Publication date:

23/09/2020

Last modified:

05/10/2020

Description

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.20 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

7.20

Severity 3.x

HIGH

Vector 2.0

AV:N/AC:L/Au:S/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 9.00 HIGH
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): Single
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

9.00

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:cisco:ex60_firmware:-:::::::*
cpe:2.3:h:cisco:ex60:-:::::::*
cpe:2.3:o:cisco:ex90_firmware:-:::::::*
cpe:2.3:h:cisco:ex90:-:::::::*
cpe:2.3:o:cisco:sx10_firmware:-:::::::*
cpe:2.3:h:cisco:sx10:-:::::::*
cpe:2.3:o:cisco:sx20_firmware:-:::::::*
cpe:2.3:h:cisco:sx20:-:::::::*
cpe:2.3:o:cisco:sx80_firmware:-:::::::*
cpe:2.3:h:cisco:sx80:-:::::::*
cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:::::::*
cpe:2.3:h:cisco:telepresence_codec_c40:-:::::::*
cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:::::::*
cpe:2.3:h:cisco:telepresence_codec_c60:-:::::::*
cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ

CPE	From	Up to
cpe:2.3:o:cisco:ex60_firmware:-:::::::*
cpe:2.3:h:cisco:ex60:-:::::::*
cpe:2.3:o:cisco:ex90_firmware:-:::::::*
cpe:2.3:h:cisco:ex90:-:::::::*
cpe:2.3:o:cisco:sx10_firmware:-:::::::*
cpe:2.3:h:cisco:sx10:-:::::::*
cpe:2.3:o:cisco:sx20_firmware:-:::::::*
cpe:2.3:h:cisco:sx20:-:::::::*
cpe:2.3:o:cisco:sx80_firmware:-:::::::*
cpe:2.3:h:cisco:sx80:-:::::::*
cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:::::::*
cpe:2.3:h:cisco:telepresence_codec_c40:-:::::::*
cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:::::::*
cpe:2.3:h:cisco:telepresence_codec_c60:-:::::::*
cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:::::::*