critical
9
CWE
22
Advisory Published
Updated

CVE-2020-3143: Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability

First published: Wed Sep 23 2020(Updated: )

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco Ex60 Firmware
Cisco Ex60
Cisco Ex90 Firmware
Cisco Ex90
Cisco Sx10 Firmware
Cisco Sx10
Cisco Sx20 Firmware
Cisco Sx20
Cisco Sx80 Firmware
Cisco Sx80
Cisco Telepresence Codec C40 Firmware
Cisco Telepresence Codec C40
Cisco Telepresence Codec C60 Firmware
Cisco Telepresence Codec C60
Cisco Telepresence Codec C90 Firmware
Cisco Telepresence Codec C90
Cisco Telepresence Mx200 Firmware
Cisco Telepresence Mx200
Cisco Telepresence Mx300 Firmware
Cisco Telepresence Mx300
Cisco Telepresence Mx700 Firmware
Cisco Telepresence Mx700
Cisco Telepresence Mx800 Firmware
Cisco Telepresence Mx800
Cisco Webex Board 55 Firmware
Cisco Webex Board 55
Cisco Webex Board 55s Firmware
Cisco Webex Board 55s
Cisco Webex Board 70 Firmware
Cisco Webex Board 70
Cisco Webex Board 70s Firmware
Cisco Webex Board 70s
Cisco Webex Board 85s Firmware
Cisco Webex Board 85s
Cisco Webex Dx70 Firmware
Cisco Webex Dx70
Cisco Webex Dx80 Firmware
Cisco Webex Dx80
Cisco Webex Room 55 Firmware
Cisco Webex Room 55
Cisco Webex Room 70 Firmware
Cisco Webex Room 70

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this vulnerability?

    The vulnerability ID for this vulnerability is CVE-2020-3143.

  • What is the severity of CVE-2020-3143?

    The severity of CVE-2020-3143 is critical with a CVSS score of 7.2.

  • Which Cisco products are affected by this vulnerability?

    This vulnerability affects Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software.

  • How does the vulnerability in the video endpoint API (xAPI) allow an attack?

    The vulnerability allows an authenticated, remote attacker to conduct directory traversal attacks on an affected device.

  • Is there a fix available for CVE-2020-3143?

    Yes, Cisco has released software updates to address this vulnerability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203