All the vulnerabilites related to cisco - telepresence_mx200
Vulnerability from fkie_nvd
Published
2020-09-23 01:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ex60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25AE211E-E216-456C-A418-54A9F1D4A528",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ex60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCB5C6D-7E0A-4C3C-953A-DE9176060335",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ex90_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50D1F2D2-17F2-4A96-AF6B-DFFE5FDF6E9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ex90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DC52BD-9704-4406-9F8B-44049A18BC8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sx10_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46CAB451-2370-4FDA-981A-2402BCA610DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sx10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "318D0E10-B389-45A7-8B53-F515C0E8CA31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sx20_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFB48F0-3B5A-4DD2-BB68-38BA42043DA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sx20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18EB7279-FB2E-433D-A6DA-5E5E94725C27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sx80_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B803447B-B889-41DE-8254-BBEF0D664FC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sx80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD91FCB6-AF82-4425-BBBC-7CDD8CBF7978",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF8E71F-0EDA-473A-A673-E29CAC50C256",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B87CEA3A-2CF3-48DF-935F-31553CAC1ED8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7549095E-BC00-449F-98AD-2FDF61506AB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0754B77C-E888-461E-AA1E-74B78DA59B78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53020625-037E-46A9-B970-C30802BDC111",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF6AA3-4850-40A3-8211-82F60F14ACD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_mx200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70567CFE-DEBD-4285-BB11-6EDC94126949",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "392D3BBE-8C2D-4643-95DB-79CF5CEDBC6A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_mx300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC55F6C2-D7FA-4BCA-961E-4994F577D151",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63ED55F5-C88A-463D-9D5D-347D8C85AC43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_mx700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F13426-3904-4A07-B1B9-1464F5E083DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89C485F0-17FF-4785-ABF1-BC6CB38196E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:telepresence_mx800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF15695E-752D-4C94-9A77-0BB56F10CA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16DE9D91-7C80-4BDB-B4B4-FACD56957999",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_board_55_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61A0EF95-7CC5-4EE2-A5D8-803195F63F49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_board_55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6554B9F-CD89-49B4-B55A-510B1C881C4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_board_55s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68546316-D08D-4E0B-BDDE-BF6320B730EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_board_55s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0EC6FF-44F6-4033-BDAF-A396C2635D3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_board_70_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85FDA9FB-BB79-4A60-B825-D68B3719BFE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_board_70:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A85B502B-2F55-4CA5-9AAA-0CD5BBA45EB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_board_70s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5565DF04-82F3-40C7-8E82-44A0DA72398B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_board_70s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15073B83-81ED-4E98-8521-1320F8120C3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_board_85s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA125CA-2BF9-4F22-8F8B-DC2E09A19E51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_board_85s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31842684-B05D-4E17-9229-EC6993E78612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_dx70_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69224767-0E2B-4A85-A7F1-77C6B41668DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_dx70:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EEB693F-64A4-46CC-B7AB-8BC0AA84F9E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_dx80_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53BE3D06-730E-44E2-B3B0-ED29AB5D1BF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_dx80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C17B385C-68D5-4FF5-AE40-6EDA46E3ACB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_room_55_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90095155-ABC0-43C9-896A-55A797EC2055",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_room_55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A983D4D-9E04-45CE-BE3C-9FCD0018837F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:webex_room_70_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA1BD59F-078D-45D2-AC39-C479A4C6E7CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:webex_room_70:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD45F341-FAD8-4B10-B28C-8697E51C6B61",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la API del endpoint de video (xAPI) de Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, y Cisco RoomOS Software, podr\u00eda permitir a un atacante remoto autenticado conducir ataques de salto de directorio en un dispositivo afectado.\u0026#xa0;La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada suministrada por el usuario para la xAPI del software afectado.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n dise\u00f1ada hacia la xAPI.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante leer y escribir archivos arbitrarios en el sistema.\u0026#xa0;Para explotar esta vulnerabilidad, un atacante podr\u00eda necesitar un In-Room Control o una cuenta de administrador"
}
],
"id": "CVE-2020-3143",
"lastModified": "2024-11-21T05:30:24.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-23T01:15:15.410",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-21 13:57
Modified
2024-11-21 01:53
Severity ?
Summary
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79D79CCC-6C2D-48ED-A377-96C11B52E1F5",
"versionEndIncluding": "5.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E492709-66DB-4491-AC15-550398099903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88A64CA3-C8E8-4DCB-B865-1767EE178F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A19AC9B-91B4-4691-BFB7-BEC9A3CD2678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4C16D2-4FFC-45C5-B3D8-26EF76482B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02184B87-A8D9-4445-A6FC-F1F5DDE0DBDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEFCD2A-167A-4897-BF94-42876763F38B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A94F378C-506E-4C0A-A23A-1F71ABDBD7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FB451E1B-9B64-434B-BA1E-FFE9CD472CC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2D46D718-4708-4018-A1E2-2094519E9E3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_video_phone_e20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFD8721-837D-4FD8-A84F-D844E5C199D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B87CEA3A-2CF3-48DF-935F-31553CAC1ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0754B77C-E888-461E-AA1E-74B78DA59B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF6AA3-4850-40A3-8211-82F60F14ACD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_ex60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2E19CC-A0CF-4A06-A8DC-85C056346F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_ex90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B508A1D2-4905-4AA0-A65C-DD4C4FD0A64A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "392D3BBE-8C2D-4643-95DB-79CF5CEDBC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63ED55F5-C88A-463D-9D5D-347D8C85AC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_profile_55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5898916F-DFF0-4474-A704-8330B6DC8056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_profile_65:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28E0F948-CD09-4A2D-A2BB-0FC16D7A023F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_quick_set_c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB9081F-3B87-4D60-AD41-7EE977BCA017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_quick_set_sx20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6DF7B58-4E88-497B-A1D8-A0E23A6B6223",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:telepresence_te_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A7CD062-2DC4-4BED-A086-D10FC4621D7A",
"versionEndIncluding": "4.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_te_software:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E087F5-72E1-4F05-8BDF-F57DEA460CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_te_software:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A98835A-1E5E-4123-B878-6B0D268A87D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_video_phone_e20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFD8721-837D-4FD8-A84F-D844E5C199D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B87CEA3A-2CF3-48DF-935F-31553CAC1ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0754B77C-E888-461E-AA1E-74B78DA59B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF6AA3-4850-40A3-8211-82F60F14ACD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_ex60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2E19CC-A0CF-4A06-A8DC-85C056346F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_ex90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B508A1D2-4905-4AA0-A65C-DD4C4FD0A64A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "392D3BBE-8C2D-4643-95DB-79CF5CEDBC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_mx300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63ED55F5-C88A-463D-9D5D-347D8C85AC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_profile_55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5898916F-DFF0-4474-A704-8330B6DC8056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_profile_65:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28E0F948-CD09-4A2D-A2BB-0FC16D7A023F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_quick_set_c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB9081F-3B87-4D60-AD41-7EE977BCA017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:telepresence_quick_set_sx20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6DF7B58-4E88-497B-A1D8-A0E23A6B6223",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743."
},
{
"lang": "es",
"value": "Cisco TelePresence TC Software anterior a v5.1.7 y TE Software anterior a v4.1.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio del dispositivo) mediante paquetes SIP especialmente dise\u00f1ados, tambi\u00e9n conocido como Bug ID CSCue01743."
}
],
"id": "CVE-2013-3377",
"lastModified": "2024-11-21T01:53:30.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-21T13:57:25.623",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-3143
Vulnerability from cvelistv5
Published
2020-09-23 00:25
Modified
2024-11-13 18:06
Severity ?
EPSS score ?
Summary
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco TelePresence TC Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200122 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:18:05.411231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:06:58.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco TelePresence TC Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T00:25:21",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200122 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ"
}
],
"source": {
"advisory": "cisco-sa-telepresence-path-tr-wdrnYEZZ",
"defect": [
[
"CSCvs45241",
"CSCvs67675",
"CSCvs67680"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-01-22T16:00:00",
"ID": "CVE-2020-3143",
"STATE": "PUBLIC",
"TITLE": "Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence TC Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200122 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ"
}
]
},
"source": {
"advisory": "cisco-sa-telepresence-path-tr-wdrnYEZZ",
"defect": [
[
"CSCvs45241",
"CSCvs67675",
"CSCvs67680"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3143",
"datePublished": "2020-09-23T00:25:21.647542Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-13T18:06:58.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3377
Vulnerability from cvelistv5
Published
2013-06-21 10:00
Modified
2024-09-17 03:18
Severity ?
EPSS score ?
Summary
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:37.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130619 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-21T10:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130619 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130619 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-3377",
"datePublished": "2013-06-21T10:00:00Z",
"dateReserved": "2013-05-06T00:00:00Z",
"dateUpdated": "2024-09-17T03:18:46.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}