CVE-2020-26068

EPSS 0.18%
Veröffentlicht 18.11.2020 18:15:11
Zuletzt bearbeitet 21.11.2024 05:19:09
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Roomos Version-

Cisco ≫ Telepresence Collaboration Endpoint Version >= 9.10.0 < 9.10.3

Cisco ≫ Telepresence Collaboration Endpoint Version >= 9.12.0 < 9.12.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.368

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	1.2	5.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N
psirt@cisco.com	5.5	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-uathracc-jWNESUfM

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-26068

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-26068

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-26068

EUVD