Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Read Vulnerability
Vulnerability Description
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to insufficient path validation of command arguments. An attacker could exploit this vulnerability by sending a crafted command request to the xAPI. A successful exploit could allow the attacker to read the contents of any file that is located on the device filesystem.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Cisco TelePresence Collaboration Endpoint 路径遍历漏洞
Vulnerability Description
Cisco TelePresence Collaboration Endpoint(CE)是美国思科(Cisco)公司的一款使用在Cisco视频会议解决方案中的协作终端软件。 Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software 存在路径遍历漏洞,该漏洞源于命令参数的路径验证不足。攻击者可利用该漏洞读取位于设备文件系统上的任何文件的内容。
CVSS Information
N/A
Vulnerability Type
N/A