CVE-2020-26068

CVE Database · CVE-2020-26068

CVE-2020-26068

· MEDIUMModified

CVSS v3.1

5.5

EPSS

0.72%

Published

Nov 18, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-639CWE-639

Affected Products (3)

cisco · roomosvulnerable

cisco · telepresence_collaboration_endpoint (up to 9.10.3)vulnerable

cisco · telepresence_collaboration_endpoint (up to 9.12.4)vulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-uathracc-jWNESUfM

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-uathracc-jWNESUfM

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs