ID

VAR-201910-0954


CVE

CVE-2019-15275


TITLE

Permission management vulnerability in Cisco TelePresence Collaboration Endpoint software

Trust: 0.8

sources: JVNDB: JVNDB-2019-011140

DESCRIPTION

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with root privileges.

Trust: 1.71

sources: NVD: CVE-2019-15275 // JVNDB: JVNDB-2019-011140 // VULHUB: VHN-147305

AFFECTED PRODUCTS

vendor: cisco, model: telepresence collaboration endpoint, scope: lt, version: 9.8.1

Trust: 1.0

vendor: cisco, model: telepresence ce software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-011140 // NVD: CVE-2019-15275

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15275
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15275
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15275
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-1104
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147305
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-15275
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147305
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-15275
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15275
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-147305 // JVNDB: JVNDB-2019-011140 // CNNVD: CNNVD-201910-1104 // NVD: CVE-2019-15275 // NVD: CVE-2019-15275

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-264

Trust: 1.0

problemtype:CWE-269

Trust: 0.9

sources: VULHUB: VHN-147305 // JVNDB: JVNDB-2019-011140 // NVD: CVE-2019-15275

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1104

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-1104

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011140

PATCH

title: cisco-sa-20191016-tele-ce-privescal, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-privescal

Trust: 0.8

sources: JVNDB: JVNDB-2019-011140

EXTERNAL IDS

db: NVD, id: CVE-2019-15275

Trust: 2.5

db: JVNDB, id: JVNDB-2019-011140

Trust: 0.8

db: CNNVD, id: CNNVD-201910-1104

Trust: 0.7

db: AUSCERT, id: ESB-2019.3876

Trust: 0.6

db: VULHUB, id: VHN-147305

Trust: 0.1

sources: VULHUB: VHN-147305 // JVNDB: JVNDB-2019-011140 // CNNVD: CNNVD-201910-1104 // NVD: CVE-2019-15275

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-privescal

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-15275

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15275

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-telepres-escalation

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-cmdinj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-filewrite

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-file-ovrwrt

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3876/

Trust: 0.6

sources: VULHUB: VHN-147305 // JVNDB: JVNDB-2019-011140 // CNNVD: CNNVD-201910-1104 // NVD: CVE-2019-15275

SOURCES

db: VULHUB, id: VHN-147305
db: JVNDB, id: JVNDB-2019-011140
db: CNNVD, id: CNNVD-201910-1104
db: NVD, id: CVE-2019-15275

LAST UPDATE DATE

2024-11-23T21:36:34.927000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-147305, date: 2020-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-011140, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1104, date: 2020-10-16T00:00:00
db: NVD, id: CVE-2019-15275, date: 2024-11-21T04:28:21.500

SOURCES RELEASE DATE

db: VULHUB, id: VHN-147305, date: 2019-10-16T00:00:00
db: JVNDB, id: JVNDB-2019-011140, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1104, date: 2019-10-16T00:00:00
db: NVD, id: CVE-2019-15275, date: 2019-10-16T19:15:14.940