Lucene search

CiscoCVE-2019-15289

HistorySep 23, 2020 - 1:15 a.m.

CVE-2019-15289

2020-09-2301:15:12

CWE-20

cisco

web.nvd.nist.gov

cve-2019-15289

cisco

telepresence

collaboration endpoint

roomos software

dos

denial of service

nvd

vulnerability

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted traffic to the video service of an affected endpoint. A successful exploit could allow the attacker to cause the video service to crash, resulting in a DoS condition on an affected device.

Affected configurations

Nvd

Node

ciscowebex_board_55Match-

ciscowebex_board_55sMatch-

ciscowebex_board_70Match-

ciscowebex_board_70sMatch-

ciscowebex_board_85sMatch-

AND

ciscoroomosMatch-

ciscotelepresence_collaboration_endpointRange<9.8.0

VendorProductVersionCPE
ciscowebex_board_55-cpe:2.3:h:cisco:webex_board_55:-:*:*:*:*:*:*:*
ciscowebex_board_55s-cpe:2.3:h:cisco:webex_board_55s:-:*:*:*:*:*:*:*
ciscowebex_board_70-cpe:2.3:h:cisco:webex_board_70:-:*:*:*:*:*:*:*
ciscowebex_board_70s-cpe:2.3:h:cisco:webex_board_70s:-:*:*:*:*:*:*:*
ciscowebex_board_85s-cpe:2.3:h:cisco:webex_board_85s:-:*:*:*:*:*:*:*
ciscoroomos-cpe:2.3:a:cisco:roomos:-:*:*:*:*:*:*:*
ciscotelepresence_collaboration_endpoint*cpe:2.3:a:cisco:telepresence_collaboration_endpoint:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_board_55	-	cpe:2.3:h:cisco:webex_board_55:-:::::::*
cisco	webex_board_55s	-	cpe:2.3:h:cisco:webex_board_55s:-:::::::*
cisco	webex_board_70	-	cpe:2.3:h:cisco:webex_board_70:-:::::::*
cisco	webex_board_70s	-	cpe:2.3:h:cisco:webex_board_70s:-:::::::*
cisco	webex_board_85s	-	cpe:2.3:h:cisco:webex_board_85s:-:::::::*
cisco	roomos	-	cpe:2.3:a:cisco:roomos:-:::::::*
cisco	telepresence_collaboration_endpoint	*	cpe:2.3:a:cisco:telepresence_collaboration_endpoint::::::::

CNA Affected

[
  {
    "product": "Cisco TelePresence TC Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telepres-roomos-dos

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

Related for CVE-2019-15289