Rewterz Threat Alert – Increased Activity of Emotet
January 23, 2020Rewterz Threat Alert – Nodera Ransomware
January 24, 2020Rewterz Threat Alert – Increased Activity of Emotet
January 23, 2020Rewterz Threat Alert – Nodera Ransomware
January 24, 2020Severity
High
Analysis Summary
The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.
Impact
Directory traversal attack
Affected Vendors
Cisco
Affected Products
- Cisco TelePresence Integrator C Series
- Cisco TelePresence MX Series
- Cisco TelePresence SX Series
- Cisco TelePresence System EX Series
- Cisco Webex Board
- Cisco Webex DX Series
- Cisco Webex Room Series
Remediation
Please refer to vendor’s advisory for the list of affected products and patches.