First published: Thu Jun 18 2020
A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending requests with malformed parameters to the system using the console, Secure Shell (SSH), or web API. A successful exploit could allow the attacker to modify the device configuration or cause a DoS.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco RoomOS | | |
Cisco TelePresence Collaboration Endpoint | <9.9.4 | |
Cisco TelePresence Collaboration Endpoint | >=9.10.0 <=9.10.2 | |
Cisco TelePresence Collaboration Endpoint | >=9.12.0 <=9.12.3 | |
CVE-2020-3336 is a vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software.
The severity of CVE-2020-3336 is critical (7.2).
An authenticated, remote attacker can exploit CVE-2020-3336 to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem.
Cisco TelePresence Collaboration Endpoint Software versions earlier than 9.9.4, 9.10.0 through 9.10.2, and 9.12.0 through 9.12.3 are affected by CVE-2020-3336.
It is recommended to apply the necessary updates provided by Cisco to fix CVE-2020-3336.