Vulnerability Description
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ex60 Firmware | - |
| Cisco | Ex60 | - |
| Cisco | Ex90 Firmware | - |
| Cisco | Ex90 | - |
| Cisco | Sx10 Firmware | - |
| Cisco | Sx10 | - |
| Cisco | Sx20 Firmware | - |
| Cisco | Sx20 | - |
| Cisco | Sx80 Firmware | - |
| Cisco | Sx80 | - |
| Cisco | Telepresence Codec C40 Firmware | - |
| Cisco | Telepresence Codec C40 | - |
| Cisco | Telepresence Codec C60 Firmware | - |
| Cisco | Telepresence Codec C60 | - |
| Cisco | Telepresence Codec C90 Firmware | - |
| Cisco | Telepresence Codec C90 | - |
| Cisco | Telepresence Mx200 Firmware | - |
| Cisco | Telepresence Mx200 | - |
| Cisco | Telepresence Mx300 Firmware | - |
| Cisco | Telepresence Mx300 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tVendor Advisory
FAQ
What is CVE-2020-3143?
CVE-2020-3143 is a vulnerability with a CVSS score of 7.2 (HIGH). A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authentica...
How severe is CVE-2020-3143?
CVE-2020-3143 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3143?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ex60 Firmware, Cisco Ex60, Cisco Ex90 Firmware, Cisco Ex90, Cisco Sx10 Firmware.