PT-2021-2988 · Cisco · Cisco TelePresence Collaboration Endpoint (CE) +1

Published: 2021-05-05 · Updated: 2021-05-14 · CVE-2021-1532

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco TelePresence Collaboration Endpoint (CE) Software (affected versions not specified)
Cisco RoomOS Software (affected versions not specified)

Description

A vulnerability in the video endpoint API (xAPI) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system due to insufficient path validation of command arguments. An attacker could exploit this by sending a crafted command request to the xAPI, potentially allowing them to read the contents of any file on the device filesystem.

Recommendations

For Cisco TelePresence Collaboration Endpoint (CE) Software, consider restricting access to the xAPI until a fix is available. For Cisco RoomOS Software, consider disabling the xAPI functionality as a temporary workaround until a patch is available. Restrict access to sensitive files on the device filesystem to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2021-02576
CVE-2021-1532

Affected Products

Cisco RoomOS
Cisco TelePresence Collaboration Endpoint (CE)