CVE-2022-20776

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Collaboration Endpoint (CE) Software (affected versions not specified) Cisco RoomOS Software (affected versions not specified)

Description The issue is related to incorrect directory path restriction in the xAPI component of the Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software. This could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device by exploiting the vulnerability with a specially crafted request and an active Administrator account.

Recommendations For Cisco TelePresence Collaboration Endpoint (CE) Software, consider restricting access to the xAPI component until a patch is available. For Cisco RoomOS Software, consider disabling the xAPI component temporarily to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.