PT-2020-4959 · Cisco · Cisco Roomos+1

Published

2020-11-18

·

Updated

2020-11-25

·

CVE-2020-26068

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Cisco Telepresence CE Software (affected versions not specified)
Cisco RoomOS Software (affected versions not specified)
Description

A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization: the service issues the token without verifying that the requesting account is entitled to it. An attacker could exploit this by using the xAPI service to generate a specific token; a successful exploit could allow the attacker to enable experimental features on the device that should not be available to users. Note that the CVSS vector carries PR:H, so the attacker must already hold high-privilege credentials on the device; the flaw lets such an account escalate into functionality the vendor did not intend to expose.
Recommendations

Apply the vendor's fixed software once it is available; this page does not list affected or fixed versions, so confirm them against the vendor advisory. Until then: for Cisco Telepresence CE Software, consider disabling the xAPI service if it is not required; for Cisco RoomOS Software, restrict network access to the xAPI service to trusted management hosts. Because exploitation requires high privileges (PR:H), also limit which accounts hold administrative access to the device and review token-generation activity on the xAPI service. As a temporary workaround, consider disabling any features that rely on the generated access token until a patch is applied.
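The description above is the pattern of a token issuer that authenticates the caller but never authorizes the scope being requested. The following is an added illustrative model of that weakness class, written for this page; it is not Cisco code and makes no claim about how the real xAPI service is implemented. The token format, the HMAC signing, the role names, and the "experimental" scope are all hypothetical. The vulnerable issuer mints whatever scopes the logged-in caller asks for; the hardened issuer bounds the scopes by the caller's role and refuses the rest.

```python
"""Hypothetical model of 'insufficient access authorization' in a token issuer.

Not Cisco code. Everything here (scopes, roles, token format) is invented
to illustrate the weakness class described in CVE-2020-26068.
"""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Hypothetical HMAC key for the toy token service (generated per run).
SIGNING_KEY = secrets.token_bytes(32)

# Hypothetical role -> scope policy. "experimental" stands in for the kind of
# feature set that, per the advisory, ordinary users must not be able to enable.
ALLOWED_SCOPES_BY_ROLE = {
    "user": {"status", "command"},
    "admin": {"status", "command", "config"},
    "developer": {"status", "command", "config", "experimental"},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(claims: dict) -> str:
    """Serialise claims and append an HMAC-SHA256 tag: '<body>.<mac>'."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(mac)}"


def verify_token(token: str) -> Optional[dict]:
    """Return the claims if the MAC verifies, otherwise None."""
    try:
        body, mac = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(mac), expected):
        return None
    return json.loads(_unb64(body))


def issue_token_vulnerable(session: dict, requested: set) -> str:
    """Authenticates only: any logged-in caller gets every scope it asks for."""
    if not session.get("authenticated"):
        raise PermissionError("login required")
    return _sign({"sub": session["user"], "scope": sorted(requested)})


def issue_token_hardened(session: dict, requested: set) -> str:
    """Authenticates AND authorizes: scopes are bounded by the caller's role."""
    if not session.get("authenticated"):
        raise PermissionError("login required")
    allowed = ALLOWED_SCOPES_BY_ROLE.get(session.get("role"), set())
    denied = set(requested) - allowed
    if denied:
        raise PermissionError(
            f"role {session.get('role')!r} may not obtain scopes {sorted(denied)}")
    return _sign({"sub": session["user"], "role": session["role"],
                  "scope": sorted(requested)})


def can_enable_experimental(token: str) -> bool:
    """What a feature gate would check before turning on experimental features."""
    claims = verify_token(token)
    return bool(claims) and "experimental" in claims.get("scope", [])


if __name__ == "__main__":
    admin = {"authenticated": True, "user": "admin", "role": "admin"}
    tok = issue_token_vulnerable(admin, {"experimental"})
    print("vulnerable issuer lets admin enable experimental:",
          can_enable_experimental(tok))
    try:
        issue_token_hardened(admin, {"experimental"})
    except PermissionError as exc:
        print("hardened issuer refuses:", exc)
```

The fix is the `denied` check in `issue_token_hardened`: the decision about which scopes a token may carry is made server-side from the caller's role, never from the request. The MAC only protects token integrity after issuance; it does nothing against an issuer that signs an over-privileged claim set, which is why authorization has to happen before signing.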

Fix

IDOR


Weakness Enumeration

Related Identifiers

BDU:2020-05534
CVE-2020-26068

Affected Products

Cisco Roomos
Cisco Telepresence Ce