Privilege escalation in Cisco TelePresence Collaboration Endpoint, TelePresence Codec and RoomOS



Published: 2019-11-08
Severity High
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2019-15288
CWE ID CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Cisco TelePresence Codec (TC)
Server applications / Conferencing, Collaboration and VoIP solutions

Cisco TelePresence Collaboration Endpoint (CE)
Hardware solutions / Office equipment, IP-phones, print servers

Cisco RoomOS
Operating systems & Components / Operating system

Vendor Cisco Systems, Inc

Security Advisory

This security advisory describes one high risk vulnerability.

1) Input validation error

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-15288

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to escalate privileges to an unrestricted user of the restricted shell.

The vulnerability exists due to insufficient validation of user-supplied input in the CLI. A remote authenticated attacker can include specific arguments when opening an SSH connection to an affected device and gain unrestricted user access to the restricted shell of an affected device.

Note: This vulnerability affects Cisco RoomOS Software releases earlier than RoomOS September Drop 1 2019 that have the SSH feature enabled.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco TelePresence Codec (TC): 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 7.3.11, 7.3.12, 7.3.13, 7.3.14, 7.3.15, 7.3.16, 7.3.17, 7.3.18

Cisco TelePresence Collaboration Endpoint (CE): 9.0.1, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.4.0, 9.4.1, 9.4.2, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.6.1, 9.6.2, 9.6.3, 9.6.4, 9.7.0, 9.7.1, 9.7.2, 9.8.0

Cisco RoomOS: -

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telepres-roo...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.