|Number of vulnerabilities||1|
|CVE ID|| CVE-2019-15288
|CWE ID|| CWE-20
Cisco TelePresence Codec (TC)
Server applications / Conferencing, Collaboration and VoIP solutions
Cisco TelePresence Collaboration Endpoint (CE)
Hardware solutions / Office equipment, IP-phones, print servers
Operating systems & Components / Operating system
|Vendor||Cisco Systems, Inc|
This security advisory describes one high risk vulnerability.
The vulnerability allows a remote attacker to escalate privileges to an unrestricted user of the restricted shell.
The vulnerability exists due to insufficient validation of user-supplied input in the CLI. A remote authenticated attacker can include specific arguments when opening an SSH connection to an affected device and gain unrestricted user access to the restricted shell of an affected device.
Note: This vulnerability affects Cisco RoomOS Software releases earlier than RoomOS September Drop 1 2019 that have the SSH feature enabled.Mitigation
Install updates from vendor's website.Vulnerable software versions
Cisco TelePresence Codec (TC): 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 7.3.11, 7.3.12, 7.3.13, 7.3.14, 7.3.15, 7.3.16, 7.3.17, 7.3.18
Cisco TelePresence Collaboration Endpoint (CE): 9.0.1, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.4.0, 9.4.1, 9.4.2, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.6.1, 9.6.2, 9.6.3, 9.6.4, 9.7.0, 9.7.1, 9.7.2, 9.8.0
Cisco RoomOS: -CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.