PT-2020-2867 · Cisco · Cisco Roomos+1

Published: 2020-06-17 · Updated: 2020-06-24 · CVE-2020-3336

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software (affected versions not specified)

Description

A vulnerability in the software upgrade process could allow an authenticated, remote attacker to modify the filesystem, causing a denial of service (DoS) or gaining privileged access to the root filesystem. This issue is due to insufficient input validation. An attacker with administrative privileges could exploit this by sending requests with malformed parameters to the system using the console, Secure Shell (SSH), or web API. A successful exploit could allow the attacker to modify the device configuration or cause a DoS.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2020-03021
CVE-2020-3336

Affected Products

Cisco Roomos
Cisco Telepresence Collaboration Endpoint