19 matches found
CVE-2022-20793
A vulnerability in the pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification...
CVE-2022-20793 Cisco Touch 10 Device Insufficient Identity Verification Vulnerability
A vulnerability in the pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification...
CVE-2022-20931 Cisco Touch 10 Device Downgrade Attack Vulnerability
A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could...
CVE-2022-20953
Cisco TelePresence CE and RoomOS Software are affected by multiple local, authenticated vulnerabilities leading to path traversal, sensitive data disclosure, and arbitrary file writes. Exploitation routes include excessive privileges for system commands (viewing keystrokes via USB, etc.) and syml...
Cisco Touch 10 Authentication Error Vulnerability
Cisco Touch 10 is a video conferencing system control unit from Cisco. It is designed for intuitive touch-based interaction with Webex Room Kit Series, Webex Room Series, and Panorama Series systems, providing instant access to meetings, contacts, directories, and content. An authentication error...
Cisco Touch 10 Security Vulnerability
Cisco Touch 10 is a video conferencing system control unit from Cisco. It is designed for intuitive touch-based interaction with Webex Room Kit Series, Webex Room Series, and Panorama Series systems, providing instant access to meetings, contacts, directories, and content. An authentication error...
CVE-2022-20794
CVE-2022-20794 covers multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software. The issues could allow a remote attacker to cause a DoS, view sensitive data on the affected device, or redirect users to an attacker-controlled d...
CVE-2022-20764
Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software are affected by multiple vulnerabilities in the web engine that can allow a remote attacker to cause a denial of service, disclose sensitive data, or redirect users to attacker-controlled destinations. The Cisco advisory Cis...
CVE-2021-22232
HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE...
CVE-2020-26068
CVE-2020-26068 affects Cisco TelePresence CE Software and Cisco RoomOS Software. A flaw in the xAPI service due to insufficient access authorization allows an authenticated remote attacker to generate an access token for an affected device, potentially enabling experimental features that should n...
CVE-2020-26086
CVE-2020-26086 relates to Cisco TelePresence Collaboration Endpoint Software. A vulnerability in the video endpoint API (xAPI) could allow an authenticated, remote attacker to access sensitive information due to improper storage of sensitive data on the device. The issue affects the xAPI componen...
CVE-2019-15962
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...
CVE-2019-15273
Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...
Design/Logic Flaw
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...
CVE-2019-15962
CVE-2019-15962 describes a local arbitrary file write vulnerability in Cisco TelePresence Collaboration Endpoint (CE) Software. The root cause is improper permission assignment in the CLI, allowing an authenticated, local attacker to log in as the remotesupport user and write files to the /root d...
CVE-2019-15277
The CVE-2019-15277 issue affects Cisco TelePresence Collaboration Endpoint Software (CE). It is a local privilege-escalation vulnerability in the CLI where an authenticated attacker can gain root privileges due to insufficient input validation. Exploitation requires authenticating as the remote s...
CVE-2019-15274
CVE-2019-15274 affects Cisco TelePresence Collaboration Endpoint (CE) Software. The vulnerability is in the CLI where insufficient input validation allows an authenticated, local attacker (with administrative access in the restricted shell) to submit crafted input to a specific command, enabling ...
CVE-2017-3825
A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to...
CVE-2017-3825
CVE-2017-3825 affects Cisco TelePresence CE software via ICMP ingress packet processing. The issue arises from incomplete validation of the ICMP packet size, enabling an unauthenticated, remote attacker to trigger a reload of the TelePresence endpoint and cause DoS, potentially dropping calls. Af...