Lucene search

CiscoCVE-2019-12622

HistoryAug 21, 2019 - 6:15 p.m.

CVE-2019-12622

2019-08-2118:15:13

CWE-275

cisco

web.nvd.nist.gov

cisco

roomos

software

vulnerability

authenticated attacker

root privileges

nvd

cve-2019-12622

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.

Affected configurations

Nvd

Node

ciscotelepresence_codec_c40Match-

AND

ciscotelepresence_codec_c40_firmwareMatch-

Node

ciscotelepresence_codec_c60Match-

AND

ciscotelepresence_codec_c60_firmwareMatch-

Node

ciscotelepresence_codec_c90Match-

AND

ciscotelepresence_codec_c90_firmwareMatch-

Node

ciscoroomosRange≤9.7.2

ciscoroomosRange9.7.3–9.8.0

VendorProductVersionCPE
ciscotelepresence_codec_c40-cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*
ciscotelepresence_codec_c40_firmware-cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:*:*:*:*:*:*:*
ciscotelepresence_codec_c60-cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*
ciscotelepresence_codec_c60_firmware-cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:*:*:*:*:*:*:*
ciscotelepresence_codec_c90-cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*
ciscotelepresence_codec_c90_firmware-cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:*:*:*:*:*:*:*
ciscoroomos*cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	telepresence_codec_c40	-	cpe:2.3:h:cisco:telepresence_codec_c40:-:::::::*
cisco	telepresence_codec_c40_firmware	-	cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:::::::*
cisco	telepresence_codec_c60	-	cpe:2.3:h:cisco:telepresence_codec_c60:-:::::::*
cisco	telepresence_codec_c60_firmware	-	cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:::::::*
cisco	telepresence_codec_c90	-	cpe:2.3:h:cisco:telepresence_codec_c90:-:::::::*
cisco	telepresence_codec_c90_firmware	-	cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:::::::*
cisco	roomos	*	cpe:2.3:o:cisco:roomos::::::::

CNA Affected

[
  {
    "product": "Cisco TelePresence CE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "ce-9.7.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-12622