CVE-2020-26068

Cisco Telepresence CE Software and RoomOS Software Unauthorized Token Generation Vulnerability

CVSS 5.5 MEDIUMEPSS 0.7%CWE-639

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.5EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

18 Nov 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Affected products

Cisco · Cisco TelePresence Endpoint Software (TC/CE)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-uathracc-jWNESUfM