Permissions, Privileges, and Access Controls in Cisco RoomOS - CVE-2019-12622

 

Published: August 23, 2019 / Updated: August 26, 2019


Vulnerability identifier: #VU20382
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-12622
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco RoomOS

Detailed vulnerability description

The vulnerability allows a local attacker to write files to the underlying filesystem.

The vulnerability exists due to insufficient permission restrictions on a specific process. A local authenticated attacker can log in to an affected device with remote support credentials, initiate the specific process on the device, send crafted data to that process and write files to the underlying file system with root privileges.


How to mitigate CVE-2019-12622

Install updates from the vendor's website.
