CVE-2019-15273 — Improper Input Validation in Cisco Telepresence TC Software

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.4MEDIUMNVD

EPSS

0.2%

top 55.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence TC Software Cisco Telepresence Collaboration Endpoint

Timeline

PublishedOct 16

Latest updateMay 24

Description

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by authenticating as the remote support user and submitting malicious input to specific commands. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying filesystem. The attacke…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/telepresence_collaboration_endpoint< 9.8.1

▶CVEListV5cisco/cisco_telepresence_tc_softwareunspecified — n/a

🔴Vulnerability Details

GHSA

GHSA-8v75-pxmp-2vx3: Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwri↗2022-05-24

▶

CVEList

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities↗2019-10-16

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities↗2019-10-16

▶