Sign-up

ID

VAR-201908-0272


CVE

CVE-2019-12622


TITLE

Cisco RoomOS Software permission vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008632

DESCRIPTION

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges. Cisco RoomOS There is a permission vulnerability in the software.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco RoomOS Software is a set of automatic management software for Cisco equipment from Cisco. This software is mainly used to upgrade and manage the motherboard firmware of Cisco equipment. There is an authorization problem vulnerability in Cisco RoomOS Software ce-9.7.3 and earlier versions

Trust: 1.71

sources: NVD: CVE-2019-12622 // JVNDB: JVNDB-2019-008632 // VULHUB: VHN-144387

AFFECTED PRODUCTS

vendor:ciscomodel:roomosscope:lteversion:9.7.2

Trust: 1.0

vendor:ciscomodel:telepresence codec c60scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:telepresence codec c40scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:roomosscope:gtversion:9.7.3

Trust: 1.0

vendor:ciscomodel:telepresence codec c90scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:roomosscope:ltversion:9.8.0

Trust: 1.0

vendor:ciscomodel:roomosscope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence codec c40scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence codec c60scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence codec c90scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008632 // NVD: CVE-2019-12622

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12622
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12622
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12622
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-1636
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144387
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-12622
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2019-12622
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-144387
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12622
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12622
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.5
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2019-12622
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144387 // JVNDB: JVNDB-2019-008632 // CNNVD: CNNVD-201908-1636 // NVD: CVE-2019-12622 // NVD: CVE-2019-12622

PROBLEMTYPE DATA

problemtype:CWE-275

Trust: 1.9

problemtype:NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-144387 // JVNDB: JVNDB-2019-008632 // NVD: CVE-2019-12622

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-1636

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201908-1636

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008632

PATCH
title:cisco-sa-20190821-roomos-privescurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc
Trust: 0.8
title:Cisco RoomOS Software Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97718
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-008632 // 
            
            
            
            CNNVD: CNNVD-201908-1636

EXTERNAL IDS
db:NVDid:CVE-2019-12622
Trust: 2.5
db:JVNDBid:JVNDB-2019-008632
Trust: 0.8
db:CNNVDid:CNNVD-201908-1636
Trust: 0.7
db:AUSCERTid:ESB-2019.3204
Trust: 0.6
db:VULHUBid:VHN-144387
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144387 // 
            
            
            
            JVNDB: JVNDB-2019-008632 // 
            
            
            
            CNNVD: CNNVD-201908-1636 // 
            
            
            
            NVD: CVE-2019-12622

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-roomos-privesc
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-12622
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12622
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.3204/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-144387 // 
            
            
            
            JVNDB: JVNDB-2019-008632 // 
            
            
            
            CNNVD: CNNVD-201908-1636 // 
            
            
            
            NVD: CVE-2019-12622

SOURCES
db:VULHUBid:VHN-144387
db:JVNDBid:JVNDB-2019-008632
db:CNNVDid:CNNVD-201908-1636
db:NVDid:CVE-2019-12622

LAST UPDATE DATE
2024-11-23T23:11:46.096000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144387date:2020-10-08T00:00:00
db:JVNDBid:JVNDB-2019-008632date:2019-09-04T00:00:00
db:CNNVDid:CNNVD-201908-1636date:2020-10-09T00:00:00
db:NVDid:CVE-2019-12622date:2024-11-21T04:23:12.533

SOURCES RELEASE DATE
db:VULHUBid:VHN-144387date:2019-08-21T00:00:00
db:JVNDBid:JVNDB-2019-008632date:2019-09-04T00:00:00
db:CNNVDid:CNNVD-201908-1636date:2019-08-21T00:00:00
db:NVDid:CVE-2019-12622date:2019-08-21T18:15:13.430