Details of VAR-201910-0955

ID

VAR-201910-0955

CVE

CVE-2019-15277

TITLE

Cisco TelePresence Collaboration Endpoint Permission management vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-011141

DESCRIPTION

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and sending malicious traffic to a listener who is internal to the device. A successful exploit could allow the attacker to execute commands with root privileges

Trust: 1.71

sources: NVD: CVE-2019-15277 // JVNDB: JVNDB-2019-011141 // VULHUB: VHN-147307

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence collaboration endpoint	scope:	lt	version:	9.8.0	Trust: 1.0
vendor:	cisco	model:	telepresence ce software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-011141 // NVD: CVE-2019-15277

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15277
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15277
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-15277
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201910-1106
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-147307
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-15277
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-147307
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-15277
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15277
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2019-15277
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-147307 // JVNDB: JVNDB-2019-011141 // CNNVD: CNNVD-201910-1106 // NVD: CVE-2019-15277 // NVD: CVE-2019-15277

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.1
problemtype:	CWE-264	Trust: 1.0
problemtype:	CWE-269	Trust: 0.9

sources: VULHUB: VHN-147307 // JVNDB: JVNDB-2019-011141 // NVD: CVE-2019-15277

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1106

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-1106

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011141

PATCH

title:

cisco-sa-20191016-telepres-escalation

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-telepres-escalation

Trust: 0.8

sources: JVNDB: JVNDB-2019-011141

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15277	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-011141	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-1106	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3876	Trust: 0.6
db:	VULHUB	id:	VHN-147307	Trust: 0.1

sources: VULHUB: VHN-147307 // JVNDB: JVNDB-2019-011141 // CNNVD: CNNVD-201910-1106 // NVD: CVE-2019-15277

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-telepres-escalation	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15277	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15277	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-privescal	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-cmdinj	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-filewrite	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-file-ovrwrt	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3876/	Trust: 0.6

sources: VULHUB: VHN-147307 // JVNDB: JVNDB-2019-011141 // CNNVD: CNNVD-201910-1106 // NVD: CVE-2019-15277

SOURCES

db:	VULHUB	id:	VHN-147307
db:	JVNDB	id:	JVNDB-2019-011141
db:	CNNVD	id:	CNNVD-201910-1106
db:	NVD	id:	CVE-2019-15277

LAST UPDATE DATE

2024-11-23T21:36:34.882000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-147307	date:	2020-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-011141	date:	2019-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-1106	date:	2020-10-16T00:00:00
db:	NVD	id:	CVE-2019-15277	date:	2024-11-21T04:28:21.760

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-147307	date:	2019-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-011141	date:	2019-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-1106	date:	2019-10-16T00:00:00
db:	NVD	id:	CVE-2019-15277	date:	2019-10-16T19:15:15.130