CVE-2020-3143

CVE-2020-3143 PUBLISHED CVSS 8.8 HIGH

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.

EPSS 1.69% · 82.6th percentile

Risk Scores

CVSS 3.0: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 1.69% (82.6th percentile)

Affected Products

Vendor | Product | Versions
cisco | telepresence_mx700_firmware |
cisco | webex_board_70s_firmware |
cisco | telepresence_mx800_firmware |
Cisco | Cisco TelePresence TC Software | *
cisco | webex_dx70_firmware |
cisco | telepresence_codec_c40_firmware |
cisco | webex_board_55s_firmware |
cisco | sx20_firmware |
cisco | webex_dx80_firmware |
cisco | webex_board_85s_firmware |
cisco | sx80_firmware |
cisco | webex_room_55_firmware |
cisco | telepresence_codec_c90_firmware |
cisco | webex_room_70_firmware |
cisco | ex90_firmware |
cisco | webex_board_55_firmware |
cisco | telepresence_codec_c60_firmware |
cisco | sx10_firmware |
cisco | telepresence_mx300_firmware |
cisco | telepresence_mx200_firmware |

…and 2 more

Timeline

  • Jan 23, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score