Vulnerability Description
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | RoomOS | - |
| Cisco | Telepresence Collaboration Endpoint | >= 9.10.0, < 9.10.3 |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-t (Vendor Advisory)
FAQ
What is CVE-2020-26068?
CVE-2020-26068 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vu...
How severe is CVE-2020-26068?
CVE-2020-26068 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26068?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco RoomOS, Cisco Telepresence Collaboration Endpoint.