CVE-2020-3336
Description
A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending requests with malformed parameters to the system using the console, Secure Shell (SSH), or web API. A successful exploit could allow the attacker to modify the device configuration or cause a DoS.
Risk Information
Base Score
7.2
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.028
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco TelePresence Collaboration Endpoint and RoomOS Software Command Injection Vulnerability For Cisco Telepresence Integrator C Series | NCM |
| Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability (CVE-2020-3336) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706043 | Security Update for Cisco Telepresence Integrator C Series 9.1.1 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234