Severity Rating: HIGH
Software Affected
Cisco TelePresence Collaboration Endpoint Software and RoomOS Software
Overview
A vulnerability has been reported in the software upgrade process of Cisco
TelePresence Collaboration Endpoint Software and Cisco RoomOS Software
which could allow an authenticated, remote attacker to modify the file
system to cause a denial of service (DoS) or gain privileged access to the
root file system.
Description
A vulnerability exists in the software upgrade process of Cisco
TelePresence Collaboration Endpoint Software and Cisco RoomOS Software due
to insufficient input validation that could allow the attacker to modify
the file system to cause a denial of service (DoS) or gain privileged
access to the root file system. An attacker could exploit this
vulnerability by sending requests with malformed parameters to the system
using the console, Secure Shell (SSH), or web API.
Successful exploitation of this vulnerability could allow the attacker to
modify the device configuration or cause a DoS.
Solution
Apply appropriate updates as mentioned in:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-cmd-inj-7ZpWhvZb
Vendor Information
CISCO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-cmd-inj-7ZpWhvZb
References
CISCO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-cmd-inj-7ZpWhvZb
CVE Name
CVE-2020-3336
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate cyber attacks.