CVE-2020-3143

23.09.2020, 01:15

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.

Path Traversal

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cisco	CNA	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 84%

Vendor	Product	Version
cisco	ex60_firmware	-
cisco	ex90_firmware	-
cisco	sx10_firmware	-
cisco	sx20_firmware	-
cisco	sx80_firmware	-
cisco	telepresence_codec_c40_firmware	-
cisco	telepresence_codec_c60_firmware	-
cisco	telepresence_codec_c90_firmware	-
cisco	telepresence_mx200_firmware	-
cisco	telepresence_mx300_firmware	-
cisco	telepresence_mx700_firmware	-
cisco	telepresence_mx800_firmware	-
cisco	webex_board_55_firmware	-
cisco	webex_board_55s_firmware	-
cisco	webex_board_70_firmware	-
cisco	webex_board_70s_firmware	-
cisco	webex_board_85s_firmware	-
cisco	webex_dx70_firmware	-
cisco	webex_dx80_firmware	-
cisco	webex_room_55_firmware	-
cisco	webex_room_70_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ