All the vulnerabilites related to cisco - telepresence_codec_c90
Vulnerability from fkie_nvd
Published
2013-06-21 13:57
Modified
2024-11-21 01:53
Severity ?
Summary
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79D79CCC-6C2D-48ED-A377-96C11B52E1F5",
"versionEndIncluding": "5.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E492709-66DB-4491-AC15-550398099903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88A64CA3-C8E8-4DCB-B865-1767EE178F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A19AC9B-91B4-4691-BFB7-BEC9A3CD2678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4C16D2-4FFC-45C5-B3D8-26EF76482B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02184B87-A8D9-4445-A6FC-F1F5DDE0DBDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEFCD2A-167A-4897-BF94-42876763F38B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A94F378C-506E-4C0A-A23A-1F71ABDBD7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FB451E1B-9B64-434B-BA1E-FFE9CD472CC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2D46D718-4708-4018-A1E2-2094519E9E3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_video_phone_e20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFD8721-837D-4FD8-A84F-D844E5C199D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B87CEA3A-2CF3-48DF-935F-31553CAC1ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0754B77C-E888-461E-AA1E-74B78DA59B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF6AA3-4850-40A3-8211-82F60F14ACD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_ex60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2E19CC-A0CF-4A06-A8DC-85C056346F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_ex90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B508A1D2-4905-4AA0-A65C-DD4C4FD0A64A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "392D3BBE-8C2D-4643-95DB-79CF5CEDBC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63ED55F5-C88A-463D-9D5D-347D8C85AC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_profile_55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5898916F-DFF0-4474-A704-8330B6DC8056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_profile_65:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28E0F948-CD09-4A2D-A2BB-0FC16D7A023F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_quick_set_c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB9081F-3B87-4D60-AD41-7EE977BCA017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_quick_set_sx20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6DF7B58-4E88-497B-A1D8-A0E23A6B6223",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_te_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A7CD062-2DC4-4BED-A086-D10FC4621D7A",
"versionEndIncluding": "4.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_te_software:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E087F5-72E1-4F05-8BDF-F57DEA460CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_te_software:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A98835A-1E5E-4123-B878-6B0D268A87D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_video_phone_e20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFD8721-837D-4FD8-A84F-D844E5C199D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B87CEA3A-2CF3-48DF-935F-31553CAC1ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0754B77C-E888-461E-AA1E-74B78DA59B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF6AA3-4850-40A3-8211-82F60F14ACD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_ex60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2E19CC-A0CF-4A06-A8DC-85C056346F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_ex90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B508A1D2-4905-4AA0-A65C-DD4C4FD0A64A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "392D3BBE-8C2D-4643-95DB-79CF5CEDBC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63ED55F5-C88A-463D-9D5D-347D8C85AC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_profile_55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5898916F-DFF0-4474-A704-8330B6DC8056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_profile_65:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28E0F948-CD09-4A2D-A2BB-0FC16D7A023F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_quick_set_c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB9081F-3B87-4D60-AD41-7EE977BCA017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_quick_set_sx20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6DF7B58-4E88-497B-A1D8-A0E23A6B6223",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743."
},
{
"lang": "es",
"value": "Cisco TelePresence TC Software anterior a v5.1.7 y TE Software anterior a v4.1.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio del dispositivo) mediante paquetes SIP especialmente dise\u00f1ados, tambi\u00e9n conocido como Bug ID CSCue01743."
}
],
"id": "CVE-2013-3377",
"lastModified": "2024-11-21T01:53:30.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-21T13:57:25.623",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-04 19:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:intelligence_proximity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A97A1FAC-E2A3-4EC1-9868-9FAD1A97E16A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4313200E-9FAF-457D-9DBE-E15623A3C62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:meeting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A87CDF74-180B-48BC-907C-85F6C52FFE90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0274B4FE-AB78-412C-A837-DB9C9E7F51A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_teams:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D78AB0F-AD39-46DE-AE43-D9DABE24DF8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF8E71F-0EDA-473A-A673-E29CAC50C256",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B87CEA3A-2CF3-48DF-935F-31553CAC1ED8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7549095E-BC00-449F-98AD-2FDF61506AB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0754B77C-E888-461E-AA1E-74B78DA59B78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53020625-037E-46A9-B970-C30802BDC111",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF6AA3-4850-40A3-8211-82F60F14ACD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n SSL de la soluci\u00f3n Cisco Intelligent Proximity, podr\u00eda permitir a un atacante remoto no autenticado visualizar o modificar la informaci\u00f3n compartida en los dispositivos de video Cisco Webex y los endpoints de colaboraci\u00f3n de Cisco si los productos cumplen con las condiciones descritas en la secci\u00f3n de Productos Vulnerables. La vulnerabilidad es debido a la falta de comprobaci\u00f3n del certificado del servidor SSL recibido cuando se establece una conexi\u00f3n a un dispositivo de video Cisco Webex o un endpoint de colaboraci\u00f3n de Cisco. Un atacante podr\u00eda explotar esta vulnerabilidad al usar t\u00e9cnicas de tipo man in the middle (MITM) para interceptar el tr\u00e1fico entre el cliente afectado y un endpoint, y luego utilizar un certificado falsificado para suplantar el endpoint. Dependiendo de la configuraci\u00f3n del endpoint, una explotaci\u00f3n podr\u00eda permitir al atacante visualizar el contenido de presentaci\u00f3n compartido en \u00e9l, modificar cualquier contenido presentado por la v\u00edctima o tener acceso a los controles de llamadas. Esta vulnerabilidad no afecta a los endpoints de colaboraci\u00f3n registrados en la nube."
}
],
"id": "CVE-2020-3155",
"lastModified": "2024-11-21T05:30:26.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-04T19:15:12.697",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-08-31 23:55
Modified
2024-11-21 01:28
Severity ?
Summary
Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | telepresence_codec_c40 | * | |
| cisco | telepresence_codec_c60 | * | |
| cisco | telepresence_codec_c90 | * | |
| cisco | telepresence_ex60 | * | |
| cisco | telepresence_ex90 | * | |
| cisco | telepresence_c_series_software | * | |
| cisco | telepresence_c_series_software | tc3.0.0 | |
| cisco | telepresence_c_series_software | tc3.1.0 | |
| cisco | telepresence_c_series_software | tc3.1.1 | |
| cisco | telepresence_c_series_software | tc3.1.2 | |
| cisco | telepresence_c_series_software | tc3.1.3 | |
| cisco | telepresence_6000_mxp | * | |
| cisco | telepresence_9000_mxp | * | |
| cisco | telepresence_mxp_software | f8.2 | |
| cisco | telepresence_mxp_software | f9.0 | |
| cisco | telepresence_mxp_software | f9.0.1 | |
| cisco | telepresence_mxp_software | f9.0.2 | |
| cisco | telepresence_e20 | * | |
| cisco | telepresence_e20_software | te2.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c40:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5E2223-2180-4D0F-9E34-8AF54DC97FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c60:*:*:*:*:*:*:*:*",
"matchCriteriaId": "001596FF-7961-4983-8E1B-E272C94958EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c90:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC21F7C-240C-446E-BDF6-3E1AB9B05B4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_ex60:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6817FE7D-7326-48A4-B0D4-82D086A59789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_ex90:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5666DD-9D12-4B3F-8E36-E86A74FD63CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A0C0F89-EB02-44F7-8C5B-5F1BB6F7B78E",
"versionEndIncluding": "tc3.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50105F72-7662-4501-A636-12B0CA39F3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC54B18-A85D-4E7D-92EA-E41B7BBFE674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE78B49E-437A-4152-A900-A4970820B651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "60241812-BAAA-4B09-8081-0E56E3F17D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB09627-26D5-44AE-9A25-3B6FF42DB4BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_6000_mxp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "059AF6E3-0E8A-4C80-85D2-92E4F6C1148F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_9000_mxp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33339F8B-49B8-4601-974B-25954B13DFD8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_mxp_software:f8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE1AE6C-A4A2-4B30-908C-B762C7FF3731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mxp_software:f9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35C323D0-15A4-4639-9DDC-513BD7EEC5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mxp_software:f9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B30A62F0-46F1-4F5E-9359-034609462F37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_mxp_software:f9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E634F54-2913-4BAD-A6C6-93A0043A6253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_e20:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C4723AA-DB31-4528-9B0E-DA89A0A48EEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_e20_software:te2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1890CD-A9DE-426A-9769-BD69D38C38AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en TelePresence C Series Endpoints de Cisco, unidades E/EX Personal Video, y MXP Series Codecs, cuando se utilizan las versiones de software anterior a versiones 4.0.0 o F9.1 del TC, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de un paquete SIP dise\u00f1ado al puerto 5060 o 5061, tambi\u00e9n se conoce como Bug ID CSCtq46500."
}
],
"id": "CVE-2011-2577",
"lastModified": "2024-11-21T01:28:31.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-08-31T23:55:03.300",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://securityreason.com/securityalert/8387"
},
{
"source": "ykramarz@cisco.com",
"url": "http://securityreason.com/securityalert/8389"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17871"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/49392"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id?1025994"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69513"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-21 18:15
Modified
2024-11-21 04:23
Severity ?
Summary
A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | telepresence_codec_c40_firmware | - | |
| cisco | telepresence_codec_c40 | - | |
| cisco | telepresence_codec_c60_firmware | - | |
| cisco | telepresence_codec_c60 | - | |
| cisco | telepresence_codec_c90_firmware | - | |
| cisco | telepresence_codec_c90 | - | |
| cisco | roomos | * | |
| cisco | roomos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF8E71F-0EDA-473A-A673-E29CAC50C256",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B87CEA3A-2CF3-48DF-935F-31553CAC1ED8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7549095E-BC00-449F-98AD-2FDF61506AB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0754B77C-E888-461E-AA1E-74B78DA59B78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53020625-037E-46A9-B970-C30802BDC111",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF6AA3-4850-40A3-8211-82F60F14ACD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C266A27-F825-459A-855F-F2601832E014",
"versionEndIncluding": "9.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E95BCCD3-AE74-409D-836F-D92747B2402D",
"versionEndExcluding": "9.8.0",
"versionStartExcluding": "9.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el software Cisco RoomOS podr\u00eda permitir que un atacante local autenticado escriba archivos en el sistema de archivos subyacente con privilegios de root. La vulnerabilidad se debe a restricciones de permisos insuficientes en un proceso espec\u00edfico. Un atacante podr\u00eda aprovechar esta vulnerabilidad iniciando sesi\u00f3n en un dispositivo afectado con credenciales de soporte remoto e iniciando el proceso espec\u00edfico en el dispositivo y enviando datos dise\u00f1ados a ese proceso. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante escribir archivos en el sistema de archivos subyacente con privilegios de root."
}
],
"id": "CVE-2019-12622",
"lastModified": "2024-11-21T04:23:12.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-21T18:15:13.430",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-275"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-23 01:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ex60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25AE211E-E216-456C-A418-54A9F1D4A528",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ex60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCB5C6D-7E0A-4C3C-953A-DE9176060335",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ex90_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50D1F2D2-17F2-4A96-AF6B-DFFE5FDF6E9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ex90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DC52BD-9704-4406-9F8B-44049A18BC8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sx10_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46CAB451-2370-4FDA-981A-2402BCA610DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sx10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "318D0E10-B389-45A7-8B53-F515C0E8CA31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sx20_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFB48F0-3B5A-4DD2-BB68-38BA42043DA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sx20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18EB7279-FB2E-433D-A6DA-5E5E94725C27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sx80_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B803447B-B889-41DE-8254-BBEF0D664FC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sx80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD91FCB6-AF82-4425-BBBC-7CDD8CBF7978",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF8E71F-0EDA-473A-A673-E29CAC50C256",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B87CEA3A-2CF3-48DF-935F-31553CAC1ED8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7549095E-BC00-449F-98AD-2FDF61506AB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0754B77C-E888-461E-AA1E-74B78DA59B78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53020625-037E-46A9-B970-C30802BDC111",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF6AA3-4850-40A3-8211-82F60F14ACD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_mx200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70567CFE-DEBD-4285-BB11-6EDC94126949",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "392D3BBE-8C2D-4643-95DB-79CF5CEDBC6A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_mx300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC55F6C2-D7FA-4BCA-961E-4994F577D151",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63ED55F5-C88A-463D-9D5D-347D8C85AC43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_mx700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F13426-3904-4A07-B1B9-1464F5E083DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89C485F0-17FF-4785-ABF1-BC6CB38196E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_mx800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF15695E-752D-4C94-9A77-0BB56F10CA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16DE9D91-7C80-4BDB-B4B4-FACD56957999",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_board_55_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61A0EF95-7CC5-4EE2-A5D8-803195F63F49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_board_55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6554B9F-CD89-49B4-B55A-510B1C881C4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_board_55s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68546316-D08D-4E0B-BDDE-BF6320B730EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_board_55s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0EC6FF-44F6-4033-BDAF-A396C2635D3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_board_70_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85FDA9FB-BB79-4A60-B825-D68B3719BFE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_board_70:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A85B502B-2F55-4CA5-9AAA-0CD5BBA45EB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_board_70s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5565DF04-82F3-40C7-8E82-44A0DA72398B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_board_70s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15073B83-81ED-4E98-8521-1320F8120C3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_board_85s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA125CA-2BF9-4F22-8F8B-DC2E09A19E51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_board_85s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31842684-B05D-4E17-9229-EC6993E78612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_dx70_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69224767-0E2B-4A85-A7F1-77C6B41668DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_dx70:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EEB693F-64A4-46CC-B7AB-8BC0AA84F9E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_dx80_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53BE3D06-730E-44E2-B3B0-ED29AB5D1BF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_dx80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C17B385C-68D5-4FF5-AE40-6EDA46E3ACB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_room_55_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90095155-ABC0-43C9-896A-55A797EC2055",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_room_55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A983D4D-9E04-45CE-BE3C-9FCD0018837F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_room_70_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA1BD59F-078D-45D2-AC39-C479A4C6E7CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_room_70:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD45F341-FAD8-4B10-B28C-8697E51C6B61",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la API del endpoint de video (xAPI) de Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, y Cisco RoomOS Software, podr\u00eda permitir a un atacante remoto autenticado conducir ataques de salto de directorio en un dispositivo afectado.\u0026#xa0;La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada suministrada por el usuario para la xAPI del software afectado.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n dise\u00f1ada hacia la xAPI.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante leer y escribir archivos arbitrarios en el sistema.\u0026#xa0;Para explotar esta vulnerabilidad, un atacante podr\u00eda necesitar un In-Room Control o una cuenta de administrador"
}
],
"id": "CVE-2020-3143",
"lastModified": "2024-11-21T05:30:24.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-23T01:15:15.410",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-23 10:55
Modified
2024-11-21 01:28
Severity ?
Summary
Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | telepresence_codec_c40 | * | |
| cisco | telepresence_codec_c60 | * | |
| cisco | telepresence_codec_c90 | * | |
| cisco | telepresence_c_series_software | tc4.0.0 | |
| cisco | telepresence_c_series_software | tc4.0.1 | |
| cisco | telepresence_c_series_software | tc4.0.4 | |
| cisco | telepresence_c_series_software | tc4.1.0 | |
| cisco | telepresence_c_series_software | tc4.1.1 | |
| cisco | telepresence_c_series_software | tc4.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c40:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5E2223-2180-4D0F-9E34-8AF54DC97FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c60:*:*:*:*:*:*:*:*",
"matchCriteriaId": "001596FF-7961-4983-8E1B-E272C94958EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c90:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC21F7C-240C-446E-BDF6-3E1AB9B05B4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33B45531-86E4-462A-ADCD-AB519E3A7CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "180F6879-05EC-4BEC-92E8-DD55BCB93D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "556BF725-71CD-40B8-BECD-557DC8922E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B10E3F-CE68-4D2E-BC59-C4FAA6675280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "71A51261-B1D7-4ACA-8399-6BBBB17CDB93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321FC6B1-D14C-490C-A1EB-E61F63DFB4F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el componente cuil de Cisco TelePresence System Integrator de la Serie C 4.x antes de TC4.2.0, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (reinicio de punto final o ca\u00edda del proceso) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro location largo en el programa GetXml, tambi\u00e9n conocido como Bug ID CSCtq46496."
}
],
"id": "CVE-2011-2543",
"lastModified": "2024-11-21T01:28:29.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-23T10:55:02.693",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46057"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46109"
},
{
"source": "ykramarz@cisco.com",
"url": "http://securityreason.com/securityalert/8393"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1026072"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17871"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/49670"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1026072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69907"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-3155
Vulnerability from cvelistv5
Published
2020-03-04 18:40
Modified
2024-11-15 17:35
Severity ?
EPSS score ?
Summary
A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Jabber IM for Android |
Version: unspecified < n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200304 Cisco Intelligent Proximity SSL Certificate Validation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:24:52.847042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:35:03.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Jabber IM for Android",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-04T18:40:32",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200304 Cisco Intelligent Proximity SSL Certificate Validation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB"
}
],
"source": {
"advisory": "cisco-sa-proximity-ssl-cert-gBBu3RB",
"defect": [
[
"CSCvr90871"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Intelligent Proximity SSL Certificate Validation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-03-04T16:00:00-0800",
"ID": "CVE-2020-3155",
"STATE": "PUBLIC",
"TITLE": "Cisco Intelligent Proximity SSL Certificate Validation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Jabber IM for Android",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200304 Cisco Intelligent Proximity SSL Certificate Validation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB"
}
]
},
"source": {
"advisory": "cisco-sa-proximity-ssl-cert-gBBu3RB",
"defect": [
[
"CSCvr90871"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3155",
"datePublished": "2020-03-04T18:40:32.322145Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:35:03.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12622
Vulnerability from cvelistv5
Published
2019-08-21 18:00
Modified
2024-11-21 19:16
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco TelePresence CE Software |
Version: unspecified < ce-9.7.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:39.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190821 Cisco RoomOS Software Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-12622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T18:57:17.568865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:16:06.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco TelePresence CE Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "ce-9.7.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-275",
"description": "CWE-275",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T18:00:23",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190821 Cisco RoomOS Software Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc"
}
],
"source": {
"advisory": "cisco-sa-20190821-roomos-privesc",
"defect": [
[
"CSCvp79711"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco RoomOS Software Privilege Escalation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-08-21T16:00:00-0700",
"ID": "CVE-2019-12622",
"STATE": "PUBLIC",
"TITLE": "Cisco RoomOS Software Privilege Escalation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence CE Software",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "ce-9.7.3"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.1",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-275"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190821 Cisco RoomOS Software Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc"
}
]
},
"source": {
"advisory": "cisco-sa-20190821-roomos-privesc",
"defect": [
[
"CSCvp79711"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-12622",
"datePublished": "2019-08-21T18:00:23.216856Z",
"dateReserved": "2019-06-04T00:00:00",
"dateUpdated": "2024-11-21T19:16:06.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2543
Vulnerability from cvelistv5
Published
2011-09-23 10:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/49670 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/8393 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/46057 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/46109 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1026072 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/519698/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.exploit-db.com/exploits/17871 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/69907 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:22.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49670"
},
{
"name": "8393",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8393"
},
{
"name": "46057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46057"
},
{
"name": "46109",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46109"
},
{
"name": "1026072",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1026072"
},
{
"name": "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"
},
{
"name": "17871",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17871"
},
{
"name": "cisco-telepresence-getxml-bo(69907)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69907"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "49670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49670"
},
{
"name": "8393",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8393"
},
{
"name": "46057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46057"
},
{
"name": "46109",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46109"
},
{
"name": "1026072",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1026072"
},
{
"name": "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"
},
{
"name": "17871",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17871"
},
{
"name": "cisco-telepresence-getxml-bo(69907)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69907"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-2543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49670"
},
{
"name": "8393",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8393"
},
{
"name": "46057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46057"
},
{
"name": "46109",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46109"
},
{
"name": "1026072",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026072"
},
{
"name": "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"
},
{
"name": "17871",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17871"
},
{
"name": "cisco-telepresence-getxml-bo(69907)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69907"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-2543",
"datePublished": "2011-09-23T10:00:00",
"dateReserved": "2011-06-27T00:00:00",
"dateUpdated": "2024-08-06T23:08:22.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3377
Vulnerability from cvelistv5
Published
2013-06-21 10:00
Modified
2024-09-17 03:18
Severity ?
EPSS score ?
Summary
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:37.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130619 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-21T10:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130619 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130619 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-3377",
"datePublished": "2013-06-21T10:00:00Z",
"dateReserved": "2013-05-06T00:00:00Z",
"dateUpdated": "2024-09-17T03:18:46.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2577
Vulnerability from cvelistv5
Published
2011-08-31 23:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1025994 | vdb-entry, x_refsource_SECTRACK | |
| http://securityreason.com/securityalert/8389 | third-party-advisory, x_refsource_SREASON | |
| http://securityreason.com/securityalert/8387 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/49392 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/69513 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/519698/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.exploit-db.com/exploits/17871 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1025994",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025994"
},
{
"name": "8389",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8389"
},
{
"name": "8387",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8387"
},
{
"name": "49392",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49392"
},
{
"name": "cisco-telepresence-codecs-sip-dos(69513)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69513"
},
{
"name": "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"
},
{
"name": "17871",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17871"
},
{
"name": "20110831 Denial of Service Vulnerability in Cisco TelePresence Codecs",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1025994",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025994"
},
{
"name": "8389",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8389"
},
{
"name": "8387",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8387"
},
{
"name": "49392",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49392"
},
{
"name": "cisco-telepresence-codecs-sip-dos(69513)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69513"
},
{
"name": "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"
},
{
"name": "17871",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17871"
},
{
"name": "20110831 Denial of Service Vulnerability in Cisco TelePresence Codecs",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-2577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025994",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025994"
},
{
"name": "8389",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8389"
},
{
"name": "8387",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8387"
},
{
"name": "49392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49392"
},
{
"name": "cisco-telepresence-codecs-sip-dos(69513)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69513"
},
{
"name": "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"
},
{
"name": "17871",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17871"
},
{
"name": "20110831 Denial of Service Vulnerability in Cisco TelePresence Codecs",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-2577",
"datePublished": "2011-08-31T23:00:00",
"dateReserved": "2011-06-27T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3143
Vulnerability from cvelistv5
Published
2020-09-23 00:25
Modified
2024-11-13 18:06
Severity ?
EPSS score ?
Summary
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco TelePresence TC Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200122 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:18:05.411231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:06:58.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco TelePresence TC Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T00:25:21",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200122 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ"
}
],
"source": {
"advisory": "cisco-sa-telepresence-path-tr-wdrnYEZZ",
"defect": [
[
"CSCvs45241",
"CSCvs67675",
"CSCvs67680"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-01-22T16:00:00",
"ID": "CVE-2020-3143",
"STATE": "PUBLIC",
"TITLE": "Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence TC Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200122 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ"
}
]
},
"source": {
"advisory": "cisco-sa-telepresence-path-tr-wdrnYEZZ",
"defect": [
[
"CSCvs45241",
"CSCvs67675",
"CSCvs67680"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3143",
"datePublished": "2020-09-23T00:25:21.647542Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-13T18:06:58.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}