CVE-2020-26068
Last modified
CVE-2020-26068 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. EPSS estimates a 0.72% chance of exploitation in the next 30 days.
Description
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Roomos | All versions |
| Cisco | Telepresence Collaboration Endpoint | >= 9.10.0, < 9.10.3 |
| Cisco | Telepresence Collaboration Endpoint | >= 9.12.0, < 9.12.4 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-26068?
How severe is CVE-2020-26068?
How do I fix CVE-2020-26068?
Are you affected by CVE-2020-26068?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST