cnvd - cnvd-2019-18855

CNVD-2019-18855

Vulnerability from cnvd - Published: 2019-06-21

Title

Cisco Meeting Server CLI命令注入漏洞

Description

Cisco Meeting Server是Cisco推出的视频会议解决方案，该产品将基于场所的视频、音频及Web通信结合在一起，以满足现代工作场所的协作需求。 Cisco Meeting Server的CLI配置shell存在命令注入漏洞。该漏洞源于在执行有漏洞的CLI命令期间输入验证不足。具有管理员级凭据的本地认证攻击者可通过在命令执行期间注入特制参数利用该漏洞在受影响的产品上以root身份执行任意代码。

Severity

中

Patch Name

Cisco Meeting Server CLI命令注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-cms-codex

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-cms-codex

Impacted products

Name
['Cisco Meeting Server 2.2.，<2.2.14', 'Cisco Meeting Server 2.3.，<2.3.8']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1623",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-1623"
    }
  },
  "description": "Cisco Meeting Server\u662fCisco\u63a8\u51fa\u7684\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\uff0c\u8be5\u4ea7\u54c1\u5c06\u57fa\u4e8e\u573a\u6240\u7684\u89c6\u9891\u3001\u97f3\u9891\u53caWeb\u901a\u4fe1\u7ed3\u5408\u5728\u4e00\u8d77\uff0c\u4ee5\u6ee1\u8db3\u73b0\u4ee3\u5de5\u4f5c\u573a\u6240\u7684\u534f\u4f5c\u9700\u6c42\u3002\n\nCisco Meeting Server\u7684CLI\u914d\u7f6eshell\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u6267\u884c\u6709\u6f0f\u6d1e\u7684CLI\u547d\u4ee4\u671f\u95f4\u8f93\u5165\u9a8c\u8bc1\u4e0d\u8db3\u3002\u5177\u6709\u7ba1\u7406\u5458\u7ea7\u51ed\u636e\u7684\u672c\u5730\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5728\u547d\u4ee4\u6267\u884c\u671f\u95f4\u6ce8\u5165\u7279\u5236\u53c2\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u4ea7\u54c1\u4e0a\u4ee5root\u8eab\u4efd\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-cms-codex",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-18855",
  "openTime": "2019-06-21",
  "patchDescription": "Cisco Meeting Server\u662fCisco\u63a8\u51fa\u7684\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\uff0c\u8be5\u4ea7\u54c1\u5c06\u57fa\u4e8e\u573a\u6240\u7684\u89c6\u9891\u3001\u97f3\u9891\u53caWeb\u901a\u4fe1\u7ed3\u5408\u5728\u4e00\u8d77\uff0c\u4ee5\u6ee1\u8db3\u73b0\u4ee3\u5de5\u4f5c\u573a\u6240\u7684\u534f\u4f5c\u9700\u6c42\u3002\nCisco Meeting Server\u7684CLI\u914d\u7f6eshell\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u6267\u884c\u6709\u6f0f\u6d1e\u7684CLI\u547d\u4ee4\u671f\u95f4\u8f93\u5165\u9a8c\u8bc1\u4e0d\u8db3\u3002\u5177\u6709\u7ba1\u7406\u5458\u7ea7\u51ed\u636e\u7684\u672c\u5730\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5728\u547d\u4ee4\u6267\u884c\u671f\u95f4\u6ce8\u5165\u7279\u5236\u53c2\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u4ea7\u54c1\u4e0a\u4ee5root\u8eab\u4efd\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Meeting Server CLI\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Meeting Server 2.2.*\uff0c\u003c2.2.14",
      "Cisco Meeting Server 2.3.*\uff0c\u003c2.3.8"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-cms-codex",
  "serverity": "\u4e2d",
  "submitTime": "2019-06-20",
  "title": "Cisco Meeting Server CLI\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2019-1623 (GCVE-0-2019-1623)

Vulnerability from cvelistv5 – Published: 2019-06-20 02:40 – Updated: 2024-11-20 17:17

Summary

A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affected product.

Severity ?

6.7 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-77

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/108840	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Meeting Server	Affected: unspecified , < 2.2.14 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.343Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190619 Cisco Meeting Server CLI Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-cms-codex"
          },
          {
            "name": "108840",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108840"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1623",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T16:54:15.838239Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T17:17:43.328Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Meeting Server",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "2.2.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affected product."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-21T12:06:06",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190619 Cisco Meeting Server CLI Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-cms-codex"
        },
        {
          "name": "108840",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108840"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190619-cms-codex",
        "defect": [
          [
            "CSCvk42093"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Meeting Server CLI Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-06-19T16:00:00-0700",
          "ID": "CVE-2019-1623",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Meeting Server CLI Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Meeting Server",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "2.2.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affected product."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190619 Cisco Meeting Server CLI Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-cms-codex"
            },
            {
              "name": "108840",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108840"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190619-cms-codex",
          "defect": [
            [
              "CSCvk42093"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1623",
    "datePublished": "2019-06-20T02:40:11.959108Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-20T17:17:43.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-18855

CVE-2019-1623 (GCVE-0-2019-1623)

Tags

Sightings

Nomenclature