ID

VAR-201911-1306


CVE

CVE-2019-15967


TITLE

Cisco TelePresence Collaboration Endpoint and RoomOS Information disclosure vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-012747

DESCRIPTION

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit this vulnerability by gaining unrestricted access to the restricted shell and using the specific debug commands. A successful exploit could allow the attacker to enable the microphone of an affected device to record audio without notifying users. Cisco RoomOS Software is a suite of automated management software for Cisco devices. This software is mainly used to upgrade and manage the motherboard firmware of Cisco equipment.

Trust: 1.71

sources: NVD: CVE-2019-15967 // JVNDB: JVNDB-2019-012747 // VULHUB: VHN-148066

AFFECTED PRODUCTS

vendor: cisco // model: telepresence collaboration endpoint // scope: lt // version: 9.8.1

Trust: 1.0

vendor: cisco // model: roomos // scope: lt // version: 2019-09-drop1

Trust: 1.0

vendor: cisco // model: roomos // scope: - // version: -

Trust: 0.8

vendor: cisco // model: telepresence ce software // scope: - // version: -

Trust: 0.8

vendor: cisco // model: telepresence collaboration endpoint // scope: eq // version: 9.8.0

Trust: 0.6

vendor: cisco // model: telepresence collaboration endpoint // scope: eq // version: 9.6.4

Trust: 0.6

vendor: cisco // model: telepresence collaboration endpoint // scope: eq // version: 8.3.7

Trust: 0.6

vendor: cisco // model: telepresence collaboration endpoint // scope: eq // version: 7.3.18

Trust: 0.6

vendor: cisco // model: telepresence collaboration endpoint // scope: eq // version: 9.7.2

Trust: 0.6

sources: JVNDB: JVNDB-2019-012747 // CNNVD: CNNVD-201911-361 // NVD: CVE-2019-15967

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15967
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15967
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15967
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-361
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148066
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-15967
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148066
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-15967
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15967
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-148066 // JVNDB: JVNDB-2019-012747 // CNNVD: CNNVD-201911-361 // NVD: CVE-2019-15967 // NVD: CVE-2019-15967

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-148066 // JVNDB: JVNDB-2019-012747 // NVD: CVE-2019-15967

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-361

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201911-361

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012747

PATCH

title: cisco-sa-20191106-telece-ros-eve // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telece-ros-eve

Trust: 0.8

title: Cisco TelePresence Collaboration Endpoint and RoomOS Software Fixes for access control error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108198

Trust: 0.6

sources: JVNDB: JVNDB-2019-012747 // CNNVD: CNNVD-201911-361

EXTERNAL IDS

db: NVD // id: CVE-2019-15967

Trust: 2.5

db: JVNDB // id: JVNDB-2019-012747

Trust: 0.8

db: CNNVD // id: CNNVD-201911-361

Trust: 0.7

db: AUSCERT // id: ESB-2019.4178

Trust: 0.6

db: VULHUB // id: VHN-148066

Trust: 0.1

sources: VULHUB: VHN-148066 // JVNDB: JVNDB-2019-012747 // CNNVD: CNNVD-201911-361 // NVD: CVE-2019-15967

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191106-telece-ros-eve

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-15967

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15967

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.4178/

Trust: 0.6

sources: VULHUB: VHN-148066 // JVNDB: JVNDB-2019-012747 // CNNVD: CNNVD-201911-361 // NVD: CVE-2019-15967

SOURCES

db: VULHUB // id: VHN-148066
db: JVNDB // id: JVNDB-2019-012747
db: CNNVD // id: CNNVD-201911-361
db: NVD // id: CVE-2019-15967

LAST UPDATE DATE

2024-11-23T22:55:20.699000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-148066 // date: 2020-10-16T00:00:00
db: JVNDB // id: JVNDB-2019-012747 // date: 2019-12-11T00:00:00
db: CNNVD // id: CNNVD-201911-361 // date: 2020-01-21T00:00:00
db: NVD // id: CVE-2019-15967 // date: 2024-11-21T04:29:50.267

SOURCES RELEASE DATE

db: VULHUB // id: VHN-148066 // date: 2019-11-26T00:00:00
db: JVNDB // id: JVNDB-2019-012747 // date: 2019-12-11T00:00:00
db: CNNVD // id: CNNVD-201911-361 // date: 2019-11-06T00:00:00
db: NVD // id: CVE-2019-15967 // date: 2019-11-26T03:15:11.660