History: Sep 23, 2020 - 1:15 a.m.

CVE-2020-3143

2020-09-23 01:15:15
CWE-22
cisco
web.nvd.nist.gov
Tags: cve-2020-3143, cisco, telepresence, xapi, directory traversal, authentication, remote attacker, vulnerability, nvd

CVSS2: 9

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3: 7.2

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.9
Confidence: High

EPSS: 0.004
Percentile: 73.0%

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.

Affected configurations

Nvd

Node: cisco ex60 (Match: -) AND cisco ex60_firmware (Match: -)
Node: cisco ex90 (Match: -) AND cisco ex90_firmware (Match: -)
Node: cisco sx10 (Match: -) AND cisco sx10_firmware (Match: -)
Node: cisco sx20 (Match: -) AND cisco sx20_firmware (Match: -)
Node: cisco sx80 (Match: -) AND cisco sx80_firmware (Match: -)
Node: cisco telepresence_codec_c40 (Match: -) AND cisco telepresence_codec_c40_firmware (Match: -)
Node: cisco telepresence_codec_c60 (Match: -) AND cisco telepresence_codec_c60_firmware (Match: -)
Node: cisco telepresence_codec_c90 (Match: -) AND cisco telepresence_codec_c90_firmware (Match: -)
Node: cisco telepresence_mx200_firmware (Match: -) AND cisco telepresence_mx200 (Match: -)
Node: cisco telepresence_mx300_firmware (Match: -) AND cisco telepresence_mx300 (Match: -)
Node: cisco telepresence_mx700_firmware (Match: -) AND cisco telepresence_mx700 (Match: -)
Node: cisco telepresence_mx800_firmware (Match: -) AND cisco telepresence_mx800 (Match: -)
Node: cisco webex_board_55_firmware (Match: -) AND cisco webex_board_55 (Match: -)
Node: cisco webex_board_55s_firmware (Match: -) AND cisco webex_board_55s (Match: -)
Node: cisco webex_board_70_firmware (Match: -) AND cisco webex_board_70 (Match: -)
Node: cisco webex_board_70s_firmware (Match: -) AND cisco webex_board_70s (Match: -)
Node: cisco webex_board_85s_firmware (Match: -) AND cisco webex_board_85s (Match: -)
Node: cisco webex_dx70_firmware (Match: -) AND cisco webex_dx70 (Match: -)
Node: cisco webex_dx80_firmware (Match: -) AND cisco webex_dx80 (Match: -)
Node: cisco webex_room_55_firmware (Match: -) AND cisco webex_room_55 (Match: -)
Node: cisco webex_room_70_firmware (Match: -) AND cisco webex_room_70 (Match: -)
Vendor  Product        Version  CPE
cisco   ex60           -        cpe:2.3:h:cisco:ex60:-:*:*:*:*:*:*:*
cisco   ex60_firmware  -        cpe:2.3:o:cisco:ex60_firmware:-:*:*:*:*:*:*:*
cisco   ex90           -        cpe:2.3:h:cisco:ex90:-:*:*:*:*:*:*:*
cisco   ex90_firmware  -        cpe:2.3:o:cisco:ex90_firmware:-:*:*:*:*:*:*:*
cisco   sx10           -        cpe:2.3:h:cisco:sx10:-:*:*:*:*:*:*:*
cisco   sx10_firmware  -        cpe:2.3:o:cisco:sx10_firmware:-:*:*:*:*:*:*:*
cisco   sx20           -        cpe:2.3:h:cisco:sx20:-:*:*:*:*:*:*:*
cisco   sx20_firmware  -        cpe:2.3:o:cisco:sx20_firmware:-:*:*:*:*:*:*:*
cisco   sx80           -        cpe:2.3:h:cisco:sx80:-:*:*:*:*:*:*:*
cisco   sx80_firmware  -        cpe:2.3:o:cisco:sx80_firmware:-:*:*:*:*:*:*:*

Rows 1-10 of 421 shown.

CNA Affected

[
  {
    "product": "Cisco TelePresence TC Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]
