CVE-2020-26086— Cisco TelePresence Collaboration Endpoint Software Information Disclosure Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-26086
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco TelePresence Collaboration Endpoint Software Information Disclosure Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
将资源暴露给错误范围
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco?TelePresence Collaboration Endpoint 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco?TelePresence Collaboration Endpoint(CE)是美国思科(Cisco)公司的一款使用在Cisco视频会议解决方案中的协作终端软件。 Cisco TelePresence Collaboration Endpoint (CE)中的video endpoint API (xAPI)存在访问控制错误漏洞,该漏洞可能允许经过身份验证的远程攻击者访问受影响设备上的敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) | n/a | - |
II. Public POCs for CVE-2020-26086
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-26086
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tele-info-DrEGLpDQvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2020-26086
Same Patch Batch · Cisco · 2020-11-06 · 27 CVEs total
| CVE-2020-3603 | 7.8 HIGH | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne |
| CVE-2020-3573 | 7.8 HIGH | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne |
| CVE-2020-3593 | 7.8 HIGH | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2020-3594 | 7.8 HIGH | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2020-3600 | 7.8 HIGH | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2020-3604 | 7.8 HIGH | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne |
| CVE-2020-3595 | 7.8 HIGH | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2020-3574 | 7.5 HIGH | Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability |
| CVE-2020-3588 | 7.3 HIGH | Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability |
| CVE-2020-3556 | 7.3 HIGH | Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability |
| CVE-2020-27129 | 6.7 MEDIUM | Cisco SD-WAN vManage Software Command Injection Vulnerability |
| CVE-2020-3592 | 6.5 MEDIUM | Cisco SD-WAN vManage Software Authorization Bypass Vulnerability |
| CVE-2020-26084 | 6.5 MEDIUM | Cisco Edge Fog Fabric Resource Exposure Vulnerability |
| CVE-2020-27128 | 6.5 MEDIUM | Cisco SD-WAN vManage Software Arbitrary File Creation Vulnerability |
| CVE-2020-3590 | 6.4 MEDIUM | Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability |
| CVE-2020-3587 | 6.4 MEDIUM | Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability |
| CVE-2020-3371 | 6.3 MEDIUM | Cisco Integrated Management Controller Command Injection Vulnerability |
| CVE-2020-3551 | 6.1 MEDIUM | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2020-27123 | 5.5 MEDIUM | Cisco AnyConnect Secure Mobility Client for Windows Arbitrary File Read Vulnerability |
| CVE-2020-26083 | 4.8 MEDIUM | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
Showing top 20 of 27 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Cisco TelePresence Endpoint Software (TC/CE)
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-668
- CVE-2026-41369
OpenClaw < 2026.3.31 - Insufficient Environment Variable San - CVE-2026-41368
OpenClaw < 2026.3.28 - Environment Variable Disclosure via j - CVE-2026-41362
OpenClaw 2026.2.19 < 2026.3.31 - Webhook Replay Dedupe Cache - CVE-2026-6830
Nesquena Hermes WebUI Environment Variable Credential Leakag - CVE-2026-32690
Apache Airflow: 3.x - Nested Variable Secret Values Bypass R
V. Comments for CVE-2020-26086
No comments yet