漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
Vulnerability Description
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Cisco TelePresence Collaboration Endpoint Software 日志信息泄露漏洞
Vulnerability Description
Cisco TelePresence Collaboration Endpoint Software是美国思科(Cisco)公司的一套协作终端软件。 Cisco TelePresence Collaboration Endpoint Software存在日志信息泄露漏洞,该漏洞源于启用SIP媒体组件日志记录时会存储未加密凭据,可能导致敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A