CVE-2020-3143: Path Traversal in Cisco TelePresence TC Software

CWE-22: Path Traversal (7 documents, 5 sources)

Severity: 7.2 HIGH (NVD)
EPSS: 2.3% (top 15.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 23; Latest update May 24

Description

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful expl

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA (2022-05-24): GHSA-j55q-wc55-chv4: A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, a
CVEList (2020-09-23): Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability

📋 Vendor Advisories (1)

Cisco (2020-01-22): Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability

💬 Community (1)

Bugzilla (2020-05-11): CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
CVE-2020-3143 — Path Traversal in Cisco | cvebase