Sign-up

ID

VAR-202105-0625


CVE

CVE-2021-1532


TITLE

Cisco TelePresence Collaboration Endpoint  Software and  Cisco RoomOS  Path traversal vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2021-006589

DESCRIPTION

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to insufficient path validation of command arguments. An attacker could exploit this vulnerability by sending a crafted command request to the xAPI. A successful exploit could allow the attacker to read the contents of any file that is located on the device filesystem. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-1532 // JVNDB: JVNDB-2021-006589 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374586 // VULMON: CVE-2021-1532

AFFECTED PRODUCTS

vendor:ciscomodel:roomosscope:ltversion:10.3.1

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:ltversion:9.15.3

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:ltversion:9.14.6

Trust: 1.0

vendor:ciscomodel:telepresence collaboration endpointscope:gteversion:9.15.0.11

Trust: 1.0

vendor:シスコシステムズmodel:cisco roomosscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco telepresence collaboration endpointscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006589 // NVD: CVE-2021-1532

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1532
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1532
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1532
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-197
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374586
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1532
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1532
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374586
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1532
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-1532
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374586 // VULMON: CVE-2021-1532 // JVNDB: JVNDB-2021-006589 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-197 // NVD: CVE-2021-1532 // NVD: CVE-2021-1532

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:Path traversal (CWE-22) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374586 // JVNDB: JVNDB-2021-006589 // NVD: CVE-2021-1532

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-197

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:cisco-sa-tp-rmos-fileread-pE9sL3gurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-rmos-fileread-pE9sL3g

Trust: 0.8

title:Cisco TelePresence Collaboration Endpoint Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150794

Trust: 0.6

title:Cisco: Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Read Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-tp-rmos-fileread-pE9sL3g

Trust: 0.1

sources: VULMON: CVE-2021-1532 // JVNDB: JVNDB-2021-006589 // CNNVD: CNNVD-202105-197

EXTERNAL IDS

db:NVDid:CVE-2021-1532

Trust: 3.4

db:JVNDBid:JVNDB-2021-006589

Trust: 0.8

db:CNNVDid:CNNVD-202105-197

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.1541

Trust: 0.6

db:CS-HELPid:SB2021050702

Trust: 0.6

db:VULHUBid:VHN-374586

Trust: 0.1

db:VULMONid:CVE-2021-1532

Trust: 0.1

sources: VULHUB: VHN-374586 // VULMON: CVE-2021-1532 // JVNDB: JVNDB-2021-006589 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-197 // NVD: CVE-2021-1532

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-tp-rmos-fileread-pe9sl3g

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1532

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1541

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050702

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374586 // VULMON: CVE-2021-1532 // JVNDB: JVNDB-2021-006589 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-197 // NVD: CVE-2021-1532

SOURCES

db:VULHUBid:VHN-374586
db:VULMONid:CVE-2021-1532
db:JVNDBid:JVNDB-2021-006589
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202105-197
db:NVDid:CVE-2021-1532

LAST UPDATE DATE

2024-08-14T13:00:49.118000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374586date:2021-05-14T00:00:00
db:VULMONid:CVE-2021-1532date:2021-05-14T00:00:00
db:JVNDBid:JVNDB-2021-006589date:2022-01-13T08:59:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202105-197date:2021-05-18T00:00:00
db:NVDid:CVE-2021-1532date:2023-11-07T03:28:33.253

SOURCES RELEASE DATE

db:VULHUBid:VHN-374586date:2021-05-06T00:00:00
db:VULMONid:CVE-2021-1532date:2021-05-06T00:00:00
db:JVNDBid:JVNDB-2021-006589date:2022-01-13T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202105-197date:2021-05-05T00:00:00
db:NVDid:CVE-2021-1532date:2021-05-06T13:15:11.130