CVE-2019-12622

EPSS 0.06%
Veröffentlicht 21.08.2019 18:15:13
Zuletzt bearbeitet 21.11.2024 04:23:12
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Telepresence Codec C40 Firmware Version-

Cisco ≫ Telepresence Codec C40 Version-

Cisco ≫ Telepresence Codec C60 Firmware Version-

Cisco ≫ Telepresence Codec C60 Version-

Cisco ≫ Telepresence Codec C90 Firmware Version-

Cisco ≫ Telepresence Codec C90 Version-

Cisco ≫ Roomos Version <= 9.7.2

Cisco ≫ Roomos Version > 9.7.3 < 9.8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.14

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N
psirt@cisco.com	4.1	0.5	3.6	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12622

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12622

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12622

EUVD