First published: Wed Oct 16 2019
Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by authenticating as the remote support user and submitting malicious input to specific commands. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying filesystem. The attacker has no control over the contents of the data written to the file. Overwriting a critical file could cause the device to crash, resulting in a denial of service (DoS) condition.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco TelePresence Collaboration Endpoint | <9.8.1 | |
CVE-2019-15273 is a vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software that could allow an authenticated, local attacker to overwrite arbitrary files.
CVE-2019-15273 has a severity rating of medium with a CVSS score of 4.4 (out of 10).
CVE-2019-15273 affects Cisco TelePresence Collaboration Endpoint Software versions up to and including 9.8.1.
An attacker can exploit CVE-2019-15273 by authenticating to the CLI and taking advantage of insufficient permission enforcement to overwrite arbitrary files.
To fix CVE-2019-15273, Cisco recommends upgrading to a fixed software release.