Vulnerabilities > Cisco > Telepresence Collaboration Endpoint > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2023-20002 Server-Side Request Forgery (SSRF) vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint
A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input.
local
low complexity
cisco CWE-918
4.4
2022-10-26 CVE-2022-20776 Path Traversal vulnerability in Cisco Telepresence Collaboration Endpoint
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device.
local
low complexity
cisco CWE-22
6.7
2022-10-26 CVE-2022-20953 Path Traversal vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device.
local
low complexity
cisco CWE-22
5.5
2022-07-06 CVE-2022-20768 Information Exposure Through Log Files vulnerability in Cisco Telepresence Collaboration Endpoint
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.
network
low complexity
cisco CWE-532
4.9
2022-05-04 CVE-2022-20794 Open Redirect vulnerability in Cisco Telepresence Collaboration Endpoint
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination.
network
low complexity
cisco CWE-601
4.7
2021-05-06 CVE-2021-1532 Path Traversal vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system.
network
low complexity
cisco CWE-22
6.5
2020-11-18 CVE-2020-26068 Authorization Bypass Through User-Controlled Key vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device.
network
low complexity
cisco CWE-639
6.5
2020-11-06 CVE-2020-26086 Exposure of Resource to Wrong Sphere vulnerability in Cisco Telepresence Collaboration Endpoint
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device.
network
low complexity
cisco CWE-668
4.3
2019-11-26 CVE-2019-15967 Unspecified vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users.
local
low complexity
cisco
4.4
2019-10-16 CVE-2019-15962 Incorrect Default Permissions vulnerability in Cisco Telepresence Collaboration Endpoint
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device.
local
low complexity
cisco CWE-276
4.4