CVE-2020-3336 — OS Command Injection in Cisco Telepresence Collaboration Endpoint

CWE-78 — OS Command Injection4 documents4 sources

Severity

7.2HIGHNVD

EPSS

1.0%

top 22.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence Collaboration Endpoint Cisco Telepresence CE Software

Timeline

PublishedJun 18

Latest updateMay 24

Description

A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending requests with malformed parameters to the system using the console, Se…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco/cisco_telepresence_ce_softwaren/a

▶NVDcisco/telepresence_collaboration_endpoint9.10.0 — 9.10.2+2

🔴Vulnerability Details

GHSA

GHSA-xm4r-pr55-hfw3: A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authent↗2022-05-24

▶

CVEList

Cisco TelePresence Collaboration Endpoint and RoomOS Software Command Injection Vulnerability↗2020-06-18

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Collaboration Endpoint and RoomOS Software Command Injection Vulnerability↗2020-06-17

▶