CVE-2020-3336— Cisco RoomOS Software和TelePresence Collaboration Endpoint Software 操作系统命令注入漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2020-3336の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Cisco TelePresence Collaboration Endpoint and RoomOS Software Command Injection Vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending requests with malformed parameters to the system using the console, Secure Shell (SSH), or web API. A successful exploit could allow the attacker to modify the device configuration or cause a DoS.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Cisco RoomOS Software和TelePresence Collaboration Endpoint Software 操作系统命令注入漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Cisco RoomOS Software和Cisco TelePresence Collaboration Endpoint Software都是美国思科(Cisco)公司的产品。Cisco RoomOS Software是一套用于Cisco设备的自动管理软件。该软件主要用于升级、管理Cisco设备的主板固件。Cisco TelePresence Collaboration Endpoint Software是一套协作终端软件。 Cisco TelePresence Collaboration Endp
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Cisco | Cisco TelePresence CE Software | n/a | - |
II. CVE-2020-3336の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2020-3336のインテリジェンス情報
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-cmd-inj-7ZpWhvZbvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2020-3336
Same Patch Batch · Cisco · 2020-06-18 · 38 CVEs total
| CVE-2020-3361 | 8.1 HIGH | Cisco Webex Meetings and Cisco Webex Meetings Server Token Handling Unauthorized Access Vu |
| CVE-2020-3350 | 5.5 MEDIUM | Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability |
| CVE-2020-3362 | 4.7 MEDIUM | Cisco Network Services Orchestrator Information Disclosure Vulnerability |
| CVE-2020-3292 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabili | |
| CVE-2020-3342 | Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution Vulnerability | |
| CVE-2020-3337 | Cisco Umbrella Open Redirect Vulnerability | |
| CVE-2020-3296 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabili | |
| CVE-2020-3295 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabili | |
| CVE-2020-3294 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabili | |
| CVE-2020-3293 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabili | |
| CVE-2020-3354 | Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability | |
| CVE-2020-3291 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabili | |
| CVE-2020-3290 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabili | |
| CVE-2020-3289 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabili | |
| CVE-2020-3288 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabili | |
| CVE-2020-3287 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabili | |
| CVE-2020-3286 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabili | |
| CVE-2020-3279 | Cisco Small Business RV Series Routers Command Injection Vulnerabilities | |
| CVE-2020-3278 | Cisco Small Business RV Series Routers Command Injection Vulnerabilities | |
| CVE-2020-3277 | Cisco Small Business RV Series Routers Command Injection Vulnerabilities |
Showing 20 of 38 CVEs. View all on vendor page →
IV. 関連脆弱性
同じベンダー: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
同じ弱点: CWE-78
- CVE-2026-8273
D-Link DNS-320 system_mgr.cgi cgi_merge_user os command inje - CVE-2026-8272
D-Link DNS-320 webfile_mgr.cgi chown os command injection - CVE-2026-8271
D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command inje - CVE-2026-8265
Tenda AC6 httpd getLogFile get_log_file os command injection - CVE-2026-8264
Tenda AC6 httpd WifiApScan formWifiApScan os command injecti
V. CVE-2020-3336へのコメント
まだコメントはありません