Kai Fleischman

**Name of the Vulnerable Software and Affected Versions** Cisco TelePresence CE and RoomOS (affected versions not specified) **Description** A vulnerability in the software could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device. This issue exists due to improper bounds checks, which could be exploited by sending a crafted request to an affected device, potentially allowing an out-of-bounds read that discloses sensitive information. The vulnerability is specifically related to a buffer data boundary read issue, which could be exploited by a remote attacker to access confidential data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco TelePresence Collaboration Endpoint (CE) Software (affected versions not specified) Cisco RoomOS Software (affected versions not specified) **Description** The issue is related to insufficient input validation in the implementation of the application programming interface of the Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS software. This could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. **Recommendations** For Cisco TelePresence Collaboration Endpoint (CE) Software, consider restricting access to sensitive data and files until a patch is available. For Cisco RoomOS Software, as a temporary workaround, consider disabling any functionality that allows writing arbitrary files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.