Vulnerabilites related to cisco - telepresence_codec_c60_firmware
Vulnerability from fkie_nvd
Published
2020-03-04 19:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:intelligence_proximity:*:*:*:*:*:*:*:*", matchCriteriaId: "A97A1FAC-E2A3-4EC1-9868-9FAD1A97E16A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:jabber:*:*:*:*:*:*:*:*", matchCriteriaId: "4313200E-9FAF-457D-9DBE-E15623A3C62A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:meeting:*:*:*:*:*:*:*:*", matchCriteriaId: "A87CDF74-180B-48BC-907C-85F6C52FFE90", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*", matchCriteriaId: "0274B4FE-AB78-412C-A837-DB9C9E7F51A1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_teams:*:*:*:*:*:*:*:*", matchCriteriaId: "3D78AB0F-AD39-46DE-AE43-D9DABE24DF8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1AF8E71F-0EDA-473A-A673-E29CAC50C256", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*", matchCriteriaId: "B87CEA3A-2CF3-48DF-935F-31553CAC1ED8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7549095E-BC00-449F-98AD-2FDF61506AB0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*", matchCriteriaId: "0754B77C-E888-461E-AA1E-74B78DA59B78", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "53020625-037E-46A9-B970-C30802BDC111", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*", matchCriteriaId: "0BFF6AA3-4850-40A3-8211-82F60F14ACD3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints.", }, { lang: "es", value: "Una vulnerabilidad en la implementación SSL de la solución Cisco Intelligent Proximity, podría permitir a un atacante remoto no autenticado visualizar o modificar la información compartida en los dispositivos de video Cisco Webex y los endpoints de colaboración de Cisco si los productos cumplen con las condiciones descritas en la sección de Productos Vulnerables. La vulnerabilidad es debido a la falta de comprobación del certificado del servidor SSL recibido cuando se establece una conexión a un dispositivo de video Cisco Webex o un endpoint de colaboración de Cisco. Un atacante podría explotar esta vulnerabilidad al usar técnicas de tipo man in the middle (MITM) para interceptar el tráfico entre el cliente afectado y un endpoint, y luego utilizar un certificado falsificado para suplantar el endpoint. Dependiendo de la configuración del endpoint, una explotación podría permitir al atacante visualizar el contenido de presentación compartido en él, modificar cualquier contenido presentado por la víctima o tener acceso a los controles de llamadas. Esta vulnerabilidad no afecta a los endpoints de colaboración registrados en la nube.", }, ], id: "CVE-2020-3155", lastModified: "2024-11-21T05:30:26.457", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "ykramarz@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-04T19:15:12.697", references: [ { source: "ykramarz@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB", }, ], sourceIdentifier: "ykramarz@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "ykramarz@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 18:15
Modified
2024-11-21 04:23
Severity ?
Summary
A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | telepresence_codec_c40_firmware | - | |
cisco | telepresence_codec_c40 | - | |
cisco | telepresence_codec_c60_firmware | - | |
cisco | telepresence_codec_c60 | - | |
cisco | telepresence_codec_c90_firmware | - | |
cisco | telepresence_codec_c90 | - | |
cisco | roomos | * | |
cisco | roomos | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1AF8E71F-0EDA-473A-A673-E29CAC50C256", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*", matchCriteriaId: "B87CEA3A-2CF3-48DF-935F-31553CAC1ED8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7549095E-BC00-449F-98AD-2FDF61506AB0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*", matchCriteriaId: "0754B77C-E888-461E-AA1E-74B78DA59B78", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "53020625-037E-46A9-B970-C30802BDC111", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*", matchCriteriaId: "0BFF6AA3-4850-40A3-8211-82F60F14ACD3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*", matchCriteriaId: "4C266A27-F825-459A-855F-F2601832E014", versionEndIncluding: "9.7.2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*", matchCriteriaId: "E95BCCD3-AE74-409D-836F-D92747B2402D", versionEndExcluding: "9.8.0", versionStartExcluding: "9.7.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.", }, { lang: "es", value: "Una vulnerabilidad en el software Cisco RoomOS podría permitir que un atacante local autenticado escriba archivos en el sistema de archivos subyacente con privilegios de root. La vulnerabilidad se debe a restricciones de permisos insuficientes en un proceso específico. Un atacante podría aprovechar esta vulnerabilidad iniciando sesión en un dispositivo afectado con credenciales de soporte remoto e iniciando el proceso específico en el dispositivo y enviando datos diseñados a ese proceso. Una explotación exitosa podría permitir al atacante escribir archivos en el sistema de archivos subyacente con privilegios de root.", }, ], id: "CVE-2019-12622", lastModified: "2024-11-21T04:23:12.533", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 0.5, impactScore: 3.6, source: "ykramarz@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T18:15:13.430", references: [ { source: "ykramarz@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc", }, ], sourceIdentifier: "ykramarz@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-275", }, ], source: "ykramarz@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-23 01:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:ex60_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "25AE211E-E216-456C-A418-54A9F1D4A528", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:ex60:-:*:*:*:*:*:*:*", matchCriteriaId: "4DCB5C6D-7E0A-4C3C-953A-DE9176060335", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:ex90_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "50D1F2D2-17F2-4A96-AF6B-DFFE5FDF6E9A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:ex90:-:*:*:*:*:*:*:*", matchCriteriaId: "92DC52BD-9704-4406-9F8B-44049A18BC8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:sx10_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "46CAB451-2370-4FDA-981A-2402BCA610DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:sx10:-:*:*:*:*:*:*:*", matchCriteriaId: "318D0E10-B389-45A7-8B53-F515C0E8CA31", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:sx20_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "2EFB48F0-3B5A-4DD2-BB68-38BA42043DA8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:sx20:-:*:*:*:*:*:*:*", matchCriteriaId: "18EB7279-FB2E-433D-A6DA-5E5E94725C27", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:sx80_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B803447B-B889-41DE-8254-BBEF0D664FC0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:sx80:-:*:*:*:*:*:*:*", matchCriteriaId: "BD91FCB6-AF82-4425-BBBC-7CDD8CBF7978", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1AF8E71F-0EDA-473A-A673-E29CAC50C256", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*", matchCriteriaId: "B87CEA3A-2CF3-48DF-935F-31553CAC1ED8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7549095E-BC00-449F-98AD-2FDF61506AB0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*", matchCriteriaId: "0754B77C-E888-461E-AA1E-74B78DA59B78", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "53020625-037E-46A9-B970-C30802BDC111", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*", matchCriteriaId: "0BFF6AA3-4850-40A3-8211-82F60F14ACD3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:telepresence_mx200_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "70567CFE-DEBD-4285-BB11-6EDC94126949", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:telepresence_mx200:-:*:*:*:*:*:*:*", matchCriteriaId: "392D3BBE-8C2D-4643-95DB-79CF5CEDBC6A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:telepresence_mx300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CC55F6C2-D7FA-4BCA-961E-4994F577D151", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:telepresence_mx300:-:*:*:*:*:*:*:*", matchCriteriaId: "63ED55F5-C88A-463D-9D5D-347D8C85AC43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:telepresence_mx700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A7F13426-3904-4A07-B1B9-1464F5E083DC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:telepresence_mx700:-:*:*:*:*:*:*:*", matchCriteriaId: "89C485F0-17FF-4785-ABF1-BC6CB38196E5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:telepresence_mx800_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EF15695E-752D-4C94-9A77-0BB56F10CA1F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:telepresence_mx800:-:*:*:*:*:*:*:*", matchCriteriaId: "16DE9D91-7C80-4BDB-B4B4-FACD56957999", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:webex_board_55_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "61A0EF95-7CC5-4EE2-A5D8-803195F63F49", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:webex_board_55:-:*:*:*:*:*:*:*", matchCriteriaId: "E6554B9F-CD89-49B4-B55A-510B1C881C4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:webex_board_55s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "68546316-D08D-4E0B-BDDE-BF6320B730EB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:webex_board_55s:-:*:*:*:*:*:*:*", matchCriteriaId: "5D0EC6FF-44F6-4033-BDAF-A396C2635D3F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:webex_board_70_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "85FDA9FB-BB79-4A60-B825-D68B3719BFE3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:webex_board_70:-:*:*:*:*:*:*:*", matchCriteriaId: "A85B502B-2F55-4CA5-9AAA-0CD5BBA45EB7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:webex_board_70s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5565DF04-82F3-40C7-8E82-44A0DA72398B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:webex_board_70s:-:*:*:*:*:*:*:*", matchCriteriaId: "15073B83-81ED-4E98-8521-1320F8120C3F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:webex_board_85s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "2CA125CA-2BF9-4F22-8F8B-DC2E09A19E51", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:webex_board_85s:-:*:*:*:*:*:*:*", matchCriteriaId: "31842684-B05D-4E17-9229-EC6993E78612", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:webex_dx70_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "69224767-0E2B-4A85-A7F1-77C6B41668DE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:webex_dx70:-:*:*:*:*:*:*:*", matchCriteriaId: "5EEB693F-64A4-46CC-B7AB-8BC0AA84F9E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:webex_dx80_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "53BE3D06-730E-44E2-B3B0-ED29AB5D1BF1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:webex_dx80:-:*:*:*:*:*:*:*", matchCriteriaId: "C17B385C-68D5-4FF5-AE40-6EDA46E3ACB7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:webex_room_55_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "90095155-ABC0-43C9-896A-55A797EC2055", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:webex_room_55:-:*:*:*:*:*:*:*", matchCriteriaId: "9A983D4D-9E04-45CE-BE3C-9FCD0018837F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:webex_room_70_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CA1BD59F-078D-45D2-AC39-C479A4C6E7CA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:webex_room_70:-:*:*:*:*:*:*:*", matchCriteriaId: "AD45F341-FAD8-4B10-B28C-8697E51C6B61", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.", }, { lang: "es", value: "Una vulnerabilidad en la API del endpoint de video (xAPI) de Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, y Cisco RoomOS Software, podría permitir a un atacante remoto autenticado conducir ataques de salto de directorio en un dispositivo afectado. La vulnerabilidad es debido a una comprobación insuficiente de la entrada suministrada por el usuario para la xAPI del software afectado. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición diseñada hacia la xAPI. Una explotación con éxito podría permitir al atacante leer y escribir archivos arbitrarios en el sistema. Para explotar esta vulnerabilidad, un atacante podría necesitar un In-Room Control o una cuenta de administrador", }, ], id: "CVE-2020-3143", lastModified: "2024-11-21T05:30:24.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "ykramarz@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-23T01:15:15.410", references: [ { source: "ykramarz@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ", }, ], sourceIdentifier: "ykramarz@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "ykramarz@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2020-3155
Vulnerability from cvelistv5
Published
2020-03-04 18:40
Modified
2024-11-15 17:35
Severity ?
EPSS score ?
Summary
A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints.
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco Jabber IM for Android |
Version: unspecified < n/a |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:24:00.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20200304 Cisco Intelligent Proximity SSL Certificate Validation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-3155", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T16:24:52.847042Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T17:35:03.469Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Jabber IM for Android", vendor: "Cisco", versions: [ { lessThan: "n/a", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2020-03-04T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-04T18:40:32", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20200304 Cisco Intelligent Proximity SSL Certificate Validation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB", }, ], source: { advisory: "cisco-sa-proximity-ssl-cert-gBBu3RB", defect: [ [ "CSCvr90871", ], ], discovery: "INTERNAL", }, title: "Cisco Intelligent Proximity SSL Certificate Validation Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2020-03-04T16:00:00-0800", ID: "CVE-2020-3155", STATE: "PUBLIC", TITLE: "Cisco Intelligent Proximity SSL Certificate Validation Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Jabber IM for Android", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.4", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-295", }, ], }, ], }, references: { reference_data: [ { name: "20200304 Cisco Intelligent Proximity SSL Certificate Validation Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB", }, ], }, source: { advisory: "cisco-sa-proximity-ssl-cert-gBBu3RB", defect: [ [ "CSCvr90871", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2020-3155", datePublished: "2020-03-04T18:40:32.322145Z", dateReserved: "2019-12-12T00:00:00", dateUpdated: "2024-11-15T17:35:03.469Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-3143
Vulnerability from cvelistv5
Published
2020-09-23 00:25
Modified
2024-11-13 18:06
Severity ?
EPSS score ?
Summary
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco TelePresence TC Software |
Version: n/a |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:24:00.620Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20200122 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-3143", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:18:05.411231Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T18:06:58.585Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco TelePresence TC Software", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-01-22T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-23T00:25:21", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20200122 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ", }, ], source: { advisory: "cisco-sa-telepresence-path-tr-wdrnYEZZ", defect: [ [ "CSCvs45241", "CSCvs67675", "CSCvs67680", ], ], discovery: "INTERNAL", }, title: "Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2020-01-22T16:00:00", ID: "CVE-2020-3143", STATE: "PUBLIC", TITLE: "Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco TelePresence TC Software", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "8.8", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-22", }, ], }, ], }, references: { reference_data: [ { name: "20200122 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ", }, ], }, source: { advisory: "cisco-sa-telepresence-path-tr-wdrnYEZZ", defect: [ [ "CSCvs45241", "CSCvs67675", "CSCvs67680", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2020-3143", datePublished: "2020-09-23T00:25:21.647542Z", dateReserved: "2019-12-12T00:00:00", dateUpdated: "2024-11-13T18:06:58.585Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12622
Vulnerability from cvelistv5
Published
2019-08-21 18:00
Modified
2024-11-21 19:16
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco TelePresence CE Software |
Version: unspecified < ce-9.7.3 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:39.147Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190821 Cisco RoomOS Software Privilege Escalation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-12622", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-21T18:57:17.568865Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-21T19:16:06.906Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco TelePresence CE Software", vendor: "Cisco", versions: [ { lessThan: "ce-9.7.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-08-21T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-275", description: "CWE-275", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T18:00:23", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190821 Cisco RoomOS Software Privilege Escalation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc", }, ], source: { advisory: "cisco-sa-20190821-roomos-privesc", defect: [ [ "CSCvp79711", ], ], discovery: "INTERNAL", }, title: "Cisco RoomOS Software Privilege Escalation Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-08-21T16:00:00-0700", ID: "CVE-2019-12622", STATE: "PUBLIC", TITLE: "Cisco RoomOS Software Privilege Escalation Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco TelePresence CE Software", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "ce-9.7.3", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "4.1", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-275", }, ], }, ], }, references: { reference_data: [ { name: "20190821 Cisco RoomOS Software Privilege Escalation Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc", }, ], }, source: { advisory: "cisco-sa-20190821-roomos-privesc", defect: [ [ "CSCvp79711", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-12622", datePublished: "2019-08-21T18:00:23.216856Z", dateReserved: "2019-06-04T00:00:00", dateUpdated: "2024-11-21T19:16:06.906Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }