First published: Thu May 06 2021
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to insufficient path validation of command arguments. An attacker could exploit this vulnerability by sending a crafted command request to the xAPI. A successful exploit could allow the attacker to read the contents of any file that is located on the device filesystem.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco TelePresence Collaboration Endpoint | <9.14.6 | |
Cisco TelePresence Collaboration Endpoint | >=9.15.0.11, <9.15.3 | |
Cisco RoomOS | <10.3.1 | |
CVE-2021-1532 is a vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software that allows an authenticated, remote attacker to read arbitrary files from the underlying operating system.
CVE-2021-1532 affects Cisco TelePresence Collaboration Endpoint Software versions up to and including 9.14.6.
CVE-2021-1532 affects Cisco RoomOS Software versions up to and including 10.3.1.
CVE-2021-1532 has a severity rating of 6.5 out of 10, indicating a medium-level vulnerability.
To fix CVE-2021-1532, Cisco recommends upgrading to the fixed software version as mentioned in the Cisco Security Advisory.