Details of VAR-202011-0718

ID

VAR-202011-0718

CVE

CVE-2020-26086

TITLE

Cisco TelePresence Collaboration Endpoint Vulnerability in software leakage of resources to wrong area

Trust: 0.8

sources: JVNDB: JVNDB-2020-013256

DESCRIPTION

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information

Trust: 1.71

sources: NVD: CVE-2020-26086 // JVNDB: JVNDB-2020-013256 // VULHUB: VHN-180129

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence collaboration endpoint	scope:	lt	version:	9.14.3	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco telepresence collaboration endpoint	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013256 // NVD: CVE-2020-26086

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-26086
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-26086
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-26086
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-318
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-180129
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-26086
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-180129
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-26086
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2020-26086
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-180129 // JVNDB: JVNDB-2020-013256 // CNNVD: CNNVD-202011-318 // NVD: CVE-2020-26086 // NVD: CVE-2020-26086

PROBLEMTYPE DATA

problemtype:	CWE-668	Trust: 1.1
problemtype:	Leakage of resources to the wrong area (CWE-668) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-180129 // JVNDB: JVNDB-2020-013256 // NVD: CVE-2020-26086

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-318

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202011-318

PATCH

title:	cisco-sa-tele-info-DrEGLpDQ	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tele-info-DrEGLpDQ	Trust: 0.8
title:	Cisco TelePresence Collaboration Endpoint Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132753	Trust: 0.6

sources: JVNDB: JVNDB-2020-013256 // CNNVD: CNNVD-202011-318

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26086	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013256	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-318	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3837	Trust: 0.6
db:	VULHUB	id:	VHN-180129	Trust: 0.1

sources: VULHUB: VHN-180129 // JVNDB: JVNDB-2020-013256 // CNNVD: CNNVD-202011-318 // NVD: CVE-2020-26086

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-tele-info-dreglpdq	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26086	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3837/	Trust: 0.6

sources: VULHUB: VHN-180129 // JVNDB: JVNDB-2020-013256 // CNNVD: CNNVD-202011-318 // NVD: CVE-2020-26086

SOURCES

db:	VULHUB	id:	VHN-180129
db:	JVNDB	id:	JVNDB-2020-013256
db:	CNNVD	id:	CNNVD-202011-318
db:	NVD	id:	CVE-2020-26086

LAST UPDATE DATE

2024-11-23T22:25:15.678000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-180129	date:	2020-11-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-013256	date:	2021-06-22T06:49:00
db:	CNNVD	id:	CNNVD-202011-318	date:	2020-11-24T00:00:00
db:	NVD	id:	CVE-2020-26086	date:	2024-11-21T05:19:12.650

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-180129	date:	2020-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-013256	date:	2021-06-22T00:00:00
db:	CNNVD	id:	CNNVD-202011-318	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2020-26086	date:	2020-11-06T19:15:13.250