Vulnerability Name:

CVE-2020-3143 (CCN-174921)

Assigned: 2019-12-12
Published: 2020-01-22
Updated: 2020-10-05
Summary: A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.
CVSS v3 Severity: 7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-22
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2020-3143

Source: XF
Type: UNKNOWN
cisco-cve20203143-dir-traversal(174921)

Source: CCN
Type: Cisco Security Advisory cisco-sa-telepresence-path-tr-wdrnYEZZ
Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability

Source: CISCO
Type: Vendor Advisory
20200122 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:cisco:ex60_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:ex60:-:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:cisco:ex90_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:ex90:-:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:cisco:sx10_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:sx10:-:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/o:cisco:sx20_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:sx20:-:*:*:*:*:*:*:*

Configuration 5:
  • cpe:/o:cisco:sx80_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:sx80:-:*:*:*:*:*:*:*

Configuration 6:
  • cpe:/o:cisco:telepresence_codec_c40_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*

Configuration 7:
  • cpe:/o:cisco:telepresence_codec_c60_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*

Configuration 8:
  • cpe:/o:cisco:telepresence_codec_c90_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*

Configuration 9:
  • cpe:/o:cisco:telepresence_mx200_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:telepresence_mx200:-:*:*:*:*:*:*:*

Configuration 10:
  • cpe:/o:cisco:telepresence_mx300_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:telepresence_mx300:-:*:*:*:*:*:*:*

Configuration 11:
  • cpe:/o:cisco:telepresence_mx700_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:telepresence_mx700:-:*:*:*:*:*:*:*

Configuration 12:
  • cpe:/o:cisco:telepresence_mx800_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:telepresence_mx800:-:*:*:*:*:*:*:*

Configuration 13:
  • cpe:/o:cisco:webex_board_55_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:webex_board_55:-:*:*:*:*:*:*:*

Configuration 14:
  • cpe:/o:cisco:webex_board_55s_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:webex_board_55s:-:*:*:*:*:*:*:*

Configuration 15:
  • cpe:/o:cisco:webex_board_70_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:webex_board_70:-:*:*:*:*:*:*:*

Configuration 16:
  • cpe:/o:cisco:webex_board_70s_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:webex_board_70s:-:*:*:*:*:*:*:*

Configuration 17:
  • cpe:/o:cisco:webex_board_85s_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:webex_board_85s:-:*:*:*:*:*:*:*

Configuration 18:
  • cpe:/o:cisco:webex_dx70_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:webex_dx70:-:*:*:*:*:*:*:*

Configuration 19:
  • cpe:/o:cisco:webex_dx80_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:webex_dx80:-:*:*:*:*:*:*:*

Configuration 20:
  • cpe:/o:cisco:webex_room_55_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:webex_room_55:-:*:*:*:*:*:*:*

Configuration 21:
  • cpe:/o:cisco:webex_room_70_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:webex_room_70:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    cisco ex60 firmware -
    cisco ex60 -
    cisco ex90 firmware -
    cisco ex90 -
    cisco sx10 firmware -
    cisco sx10 -
    cisco sx20 firmware -
    cisco sx20 -
    cisco sx80 firmware -
    cisco sx80 -
    cisco telepresence codec c40 firmware -
    cisco telepresence codec c40 -
    cisco telepresence codec c60 firmware -
    cisco telepresence codec c60 -
    cisco telepresence codec c90 firmware -
    cisco telepresence codec c90 -
    cisco telepresence mx200 firmware -
    cisco telepresence mx200 -
    cisco telepresence mx300 firmware -
    cisco telepresence mx300 -
    cisco telepresence mx700 firmware -
    cisco telepresence mx700 -
    cisco telepresence mx800 firmware -
    cisco telepresence mx800 -
    cisco webex board 55 firmware -
    cisco webex board 55 -
    cisco webex board 55s firmware -
    cisco webex board 55s -
    cisco webex board 70 firmware -
    cisco webex board 70 -
    cisco webex board 70s firmware -
    cisco webex board 70s -
    cisco webex board 85s firmware -
    cisco webex board 85s -
    cisco webex dx70 firmware -
    cisco webex dx70 -
    cisco webex dx80 firmware -
    cisco webex dx80 -
    cisco webex room 55 firmware -
    cisco webex room 55 -
    cisco webex room 70 firmware -
    cisco webex room 70 -