Lucene search

CiscoCVE-2019-15962

HistoryOct 16, 2019 - 7:15 p.m.

CVE-2019-15962

2019-10-1619:15:15

CWE-276

CWE-275

cisco

web.nvd.nist.gov

vulnerability

cli

cisco

telepresence

collaboration endpoint

ce software

authenticated

local attacker

write files

root directory

nvd

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device.

Affected configurations

Nvd

Node

ciscotelepresence_collaboration_endpointMatch7.3.18

ciscotelepresence_collaboration_endpointMatch8.3.7

ciscotelepresence_collaboration_endpointMatch9.6.4

ciscotelepresence_collaboration_endpointMatch9.7.2

ciscotelepresence_collaboration_endpointMatch9.8.0

AND

ciscowebex_board_55Match-

ciscowebex_board_55sMatch-

ciscowebex_board_70Match-

ciscowebex_board_70sMatch-

ciscowebex_board_85sMatch-

ciscowebex_room_55Match-

ciscowebex_room_55_dualMatch-

ciscowebex_room_70_dualMatch-

ciscowebex_room_70_dual_g2Match-

ciscowebex_room_70_singleMatch-

ciscowebex_room_70_single_g2Match-

ciscowebex_room_kitMatch-

ciscowebex_room_kit_miniMatch-

VendorProductVersionCPE
ciscotelepresence_collaboration_endpoint7.3.18cpe:2.3:a:cisco:telepresence_collaboration_endpoint:7.3.18:*:*:*:*:*:*:*
ciscotelepresence_collaboration_endpoint8.3.7cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.7:*:*:*:*:*:*:*
ciscotelepresence_collaboration_endpoint9.6.4cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.6.4:*:*:*:*:*:*:*
ciscotelepresence_collaboration_endpoint9.7.2cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.7.2:*:*:*:*:*:*:*
ciscotelepresence_collaboration_endpoint9.8.0cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.8.0:*:*:*:*:*:*:*
ciscowebex_board_55-cpe:2.3:h:cisco:webex_board_55:-:*:*:*:*:*:*:*
ciscowebex_board_55s-cpe:2.3:h:cisco:webex_board_55s:-:*:*:*:*:*:*:*
ciscowebex_board_70-cpe:2.3:h:cisco:webex_board_70:-:*:*:*:*:*:*:*
ciscowebex_board_70s-cpe:2.3:h:cisco:webex_board_70s:-:*:*:*:*:*:*:*
ciscowebex_board_85s-cpe:2.3:h:cisco:webex_board_85s:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	telepresence_collaboration_endpoint	7.3.18	cpe:2.3:a:cisco:telepresence_collaboration_endpoint:7.3.18:::::::*
cisco	telepresence_collaboration_endpoint	8.3.7	cpe:2.3:a:cisco:telepresence_collaboration_endpoint:8.3.7:::::::*
cisco	telepresence_collaboration_endpoint	9.6.4	cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.6.4:::::::*
cisco	telepresence_collaboration_endpoint	9.7.2	cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.7.2:::::::*
cisco	telepresence_collaboration_endpoint	9.8.0	cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.8.0:::::::*
cisco	webex_board_55	-	cpe:2.3:h:cisco:webex_board_55:-:::::::*
cisco	webex_board_55s	-	cpe:2.3:h:cisco:webex_board_55s:-:::::::*
cisco	webex_board_70	-	cpe:2.3:h:cisco:webex_board_70:-:::::::*
cisco	webex_board_70s	-	cpe:2.3:h:cisco:webex_board_70s:-:::::::*
cisco	webex_board_85s	-	cpe:2.3:h:cisco:webex_board_85s:-:::::::*

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "Cisco TelePresence TC Software",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-filewrite

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-15962