CVE-2019-12622Cisco Telepresence CE Software vulnerability

CWE-2754 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 82.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Telepresence CE SoftwareCisco Roomos
Timeline
PublishedAug 21
Latest updateMay 24

Description

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/roomos< 9.8.0+1
CVEListV5cisco/cisco_telepresence_ce_softwareunspecifiedce-9.7.3

🔴Vulnerability Details

2
GHSA
GHSA-cw6x-mqv8-rmmr: A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges2022-05-24
CVEList
Cisco RoomOS Software Privilege Escalation Vulnerability2019-08-21

📋Vendor Advisories

1
Cisco
Cisco RoomOS Software Privilege Escalation Vulnerability2019-08-21
CVE-2019-12622 — Cisco vulnerability | cvebase