CVE-2020-26086

MEDIUM

Cisco Telepresence Collaboration Endpoint - Exposure to Wrong Actor

Title source: rule

Description

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tele-info-DrEGLpDQ

Scores

CVSS v3 4.3

EPSS 0.0017

EPSS Percentile 38.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-668

Status published

Affected Products (1)

cisco/telepresence_collaboration_endpoint < 9.14.3

Timeline

Published Nov 06, 2020

Tracked Since Feb 18, 2026