Details of VAR-201911-1113

ID

VAR-201911-1113

CVE

CVE-2019-15288

TITLE

plural Cisco Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-012746

DESCRIPTION

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device

Trust: 1.71

sources: NVD: CVE-2019-15288 // JVNDB: JVNDB-2019-012746 // VULHUB: VHN-147319

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence codec	scope:	lt	version:	7.3.19	Trust: 1.0
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	lt	version:	9.8.1	Trust: 1.0
vendor:	cisco	model:	roomos	scope:	lt	version:	2019-09-drop1	Trust: 1.0
vendor:	cisco	model:	roomos	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence ce software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.8.0	Trust: 0.6
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.6.4	Trust: 0.6
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	8.3.7	Trust: 0.6
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	7.3.18	Trust: 0.6
vendor:	cisco	model:	telepresence collaboration endpoint	scope:	eq	version:	9.7.2	Trust: 0.6

sources: JVNDB: JVNDB-2019-012746 // CNNVD: CNNVD-201911-371 // NVD: CVE-2019-15288

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15288
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15288
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-15288
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-371
value:	HIGH
Trust: 0.6
VULHUB:	VHN-147319
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-15288
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-147319
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-15288
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-15288
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-147319 // JVNDB: JVNDB-2019-012746 // CNNVD: CNNVD-201911-371 // NVD: CVE-2019-15288 // NVD: CVE-2019-15288

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-147319 // JVNDB: JVNDB-2019-012746 // NVD: CVE-2019-15288

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-371

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-371

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012746

PATCH

title:	cisco-sa-20191106-telepres-roomos-privesc	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telepres-roomos-privesc	Trust: 0.8
title:	Cisco TelePresence CE Software , TC Software and RoomOS Software Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101987	Trust: 0.6

sources: JVNDB: JVNDB-2019-012746 // CNNVD: CNNVD-201911-371

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15288	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-012746	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-371	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4176	Trust: 0.6
db:	VULHUB	id:	VHN-147319	Trust: 0.1

sources: VULHUB: VHN-147319 // JVNDB: JVNDB-2019-012746 // CNNVD: CNNVD-201911-371 // NVD: CVE-2019-15288

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191106-telepres-roomos-privesc	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15288	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15288	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.4176/	Trust: 0.6

sources: VULHUB: VHN-147319 // JVNDB: JVNDB-2019-012746 // CNNVD: CNNVD-201911-371 // NVD: CVE-2019-15288

SOURCES

db:	VULHUB	id:	VHN-147319
db:	JVNDB	id:	JVNDB-2019-012746
db:	CNNVD	id:	CNNVD-201911-371
db:	NVD	id:	CVE-2019-15288

LAST UPDATE DATE

2024-11-23T22:16:46.535000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-147319	date:	2019-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-012746	date:	2019-12-11T00:00:00
db:	CNNVD	id:	CNNVD-201911-371	date:	2019-12-12T00:00:00
db:	NVD	id:	CVE-2019-15288	date:	2024-11-21T04:28:23.090

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-147319	date:	2019-11-26T00:00:00
db:	JVNDB	id:	JVNDB-2019-012746	date:	2019-12-11T00:00:00
db:	CNNVD	id:	CNNVD-201911-371	date:	2019-11-06T00:00:00
db:	NVD	id:	CVE-2019-15288	date:	2019-11-26T03:15:11.363