Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability
Vulnerability Description
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Cisco TelePresence CE、Cisco TelePresence Codec和Cisco RoomOS 路径遍历漏洞
Vulnerability Description
Cisco TelePresence Collaboration Endpoint Software是美国思科(Cisco)公司的一套协作终端软件。 Cisco TelePresence CE,Cisco TelePresence Codec和Cisco RoomOS中存在路径遍历漏洞,该漏洞源于程序没有充分验证发送到xAPI(受影响软件)上的用户输入。攻击者可通过向xAPI发送特制的请求利用该漏洞在系统中读写任意文件。
CVSS Information
N/A
Vulnerability Type
N/A