CVE-2019-15967Improper Access Control in Cisco Telepresence TC Software

CWE-284Improper Access Control4 documents4 sources
Severity
4.4MEDIUMNVD
EPSS
0.2%
top 64.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Telepresence TC SoftwareCisco RoomosCisco Telepresence Collaboration Endpoint
Timeline
PublishedNov 26
Latest updateMay 24

Description

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit this vulnerability by gaining unrestricted access to the restricted shell and using the specific debug commands. A successful exploit could allow the attacker to enable the microphone of an affected devi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5cisco/cisco_telepresence_tc_softwareunspecifiedn/a
NVDcisco/roomos< 2019-09-drop1

🔴Vulnerability Details

2
GHSA
GHSA-c6pw-c5gr-43f6: A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to2022-05-24
CVEList
Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability2019-11-26

📋Vendor Advisories

1
Cisco
Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability2019-11-06
CVE-2019-15967 — Improper Access Control in Cisco | cvebase