Vulnerabilities > Cisco > Roomos > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2023-20002 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. | 4.4 |
| 2022-10-26 | CVE-2022-20776 | Path Traversal vulnerability in Cisco Telepresence Collaboration Endpoint Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. | 6.7 |
| 2022-10-26 | CVE-2022-20953 | Path Traversal vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. | 5.5 |
| 2022-05-04 | CVE-2022-20794 | Open Redirect vulnerability in Cisco Telepresence Collaboration Endpoint Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. | 4.7 |
| 2021-05-06 | CVE-2021-1532 | Path Traversal vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. | 6.5 |
| 2020-11-18 | CVE-2020-26068 | Authorization Bypass Through User-Controlled Key vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. | 6.5 |
| 2019-11-26 | CVE-2019-15967 | Unspecified vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. | 4.4 |
| 2019-08-21 | CVE-2019-12622 | Unspecified vulnerability in Cisco products A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. | 5.5 |