Privilege escalation in Cisco TelePresence Collaboration Endpoint, TelePresence Codec and RoomOS

Published: 2019-11-08 | Updated: 2019-11-08
Severity High
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2019-15288
CWE ID CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software Cisco TelePresence Codec (TC) Subscribe
Cisco TelePresence Collaboration Endpoint (CE)
Cisco RoomOS
Vendor Cisco Systems, Inc

Security Advisory

This security advisory describes one high risk vulnerability.

1) Input validation error

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-15288

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to escalate privileges to an unrestricted user of the restricted shell.

The vulnerability exists due to insufficient validation of user-supplied input in the CLI. A remote authenticated attacker can include specific arguments when opening an SSH connection to an affected device and gain unrestricted user access to the restricted shell of an affected device.

Note: This vulnerability affects Cisco RoomOS Software releases earlier than RoomOS September Drop 1 2019 that have the SSH feature enabled.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco TelePresence Codec (TC): 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 7.3.11, 7.3.12, 7.3.13, 7.3.14, 7.3.15, 7.3.16, 7.3.17, 7.3.18

Cisco TelePresence Collaboration Endpoint (CE): 9.0.1, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.4.0, 9.4.1, 9.4.2, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.6.1, 9.6.2, 9.6.3, 9.6.4, 9.7.0, 9.7.1, 9.7.2, 9.8.0

Cisco RoomOS: -

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telepres-roo...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.