6.6

CVE-2019-15962

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoTelepresence Collaboration Endpoint Version7.3.18
   CiscoWebex Board 55 Version-
   CiscoWebex Board 55s Version-
   CiscoWebex Board 70 Version-
   CiscoWebex Board 70s Version-
   CiscoWebex Board 85s Version-
   CiscoWebex Room 55 Version-
   CiscoWebex Room 55 Dual Version-
   CiscoWebex Room 70 Dual Version-
   CiscoWebex Room 70 Dual G2 Version-
   CiscoWebex Room 70 Single Version-
   CiscoWebex Room 70 Single G2 Version-
   CiscoWebex Room Kit Version-
   CiscoWebex Room Kit Mini Version-
CiscoTelepresence Collaboration Endpoint Version8.3.7
   CiscoWebex Board 55 Version-
   CiscoWebex Board 55s Version-
   CiscoWebex Board 70 Version-
   CiscoWebex Board 70s Version-
   CiscoWebex Board 85s Version-
   CiscoWebex Room 55 Version-
   CiscoWebex Room 55 Dual Version-
   CiscoWebex Room 70 Dual Version-
   CiscoWebex Room 70 Dual G2 Version-
   CiscoWebex Room 70 Single Version-
   CiscoWebex Room 70 Single G2 Version-
   CiscoWebex Room Kit Version-
   CiscoWebex Room Kit Mini Version-
CiscoTelepresence Collaboration Endpoint Version9.6.4
   CiscoWebex Board 55 Version-
   CiscoWebex Board 55s Version-
   CiscoWebex Board 70 Version-
   CiscoWebex Board 70s Version-
   CiscoWebex Board 85s Version-
   CiscoWebex Room 55 Version-
   CiscoWebex Room 55 Dual Version-
   CiscoWebex Room 70 Dual Version-
   CiscoWebex Room 70 Dual G2 Version-
   CiscoWebex Room 70 Single Version-
   CiscoWebex Room 70 Single G2 Version-
   CiscoWebex Room Kit Version-
   CiscoWebex Room Kit Mini Version-
CiscoTelepresence Collaboration Endpoint Version9.7.2
   CiscoWebex Board 55 Version-
   CiscoWebex Board 55s Version-
   CiscoWebex Board 70 Version-
   CiscoWebex Board 70s Version-
   CiscoWebex Board 85s Version-
   CiscoWebex Room 55 Version-
   CiscoWebex Room 55 Dual Version-
   CiscoWebex Room 70 Dual Version-
   CiscoWebex Room 70 Dual G2 Version-
   CiscoWebex Room 70 Single Version-
   CiscoWebex Room 70 Single G2 Version-
   CiscoWebex Room Kit Version-
   CiscoWebex Room Kit Mini Version-
CiscoTelepresence Collaboration Endpoint Version9.8.0
   CiscoWebex Board 55 Version-
   CiscoWebex Board 55s Version-
   CiscoWebex Board 70 Version-
   CiscoWebex Board 70s Version-
   CiscoWebex Board 85s Version-
   CiscoWebex Room 55 Version-
   CiscoWebex Room 55 Dual Version-
   CiscoWebex Room 70 Dual Version-
   CiscoWebex Room 70 Dual G2 Version-
   CiscoWebex Room 70 Single Version-
   CiscoWebex Room 70 Single G2 Version-
   CiscoWebex Room Kit Version-
   CiscoWebex Room Kit Mini Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.327
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 6.6 3.9 9.2
AV:L/AC:L/Au:N/C:N/I:C/A:C
psirt@cisco.com 4.4 0.8 3.6
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.