CVE-2019-1878OS Command Injection in Cisco Telepresence TC Software

CWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGHNVD
CNA7.5
EPSS
0.2%
top 55.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Telepresence TC SoftwareCisco Telepresence CECisco Telepresence TC
Timeline
PublishedJun 20
Latest updateMay 24

Description

A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the attacker to exe

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5cisco/cisco_telepresence_tc_softwareunspecified9.7.1
NVDcisco/telepresence_ce8.0.08.3.7+2
NVDcisco/telepresence_tc7.0.07.3.17

🔴Vulnerability Details

2
GHSA
GHSA-fmx5-8rj6-q372: A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software co2022-05-24
CVEList
Cisco TelePresence Endpoint Command Shell Injection Vulnerability2019-06-20

📋Vendor Advisories

1
Cisco
Cisco TelePresence Endpoint Command Shell Injection Vulnerability2019-06-19
CVE-2019-1878 — OS Command Injection in Cisco | cvebase