First published: Tue Nov 26 2019
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco TelePresence Codec | <7.3.19 | |
Cisco TelePresence Collaboration Endpoint | <9.8.1 | |
Cisco RoomOS | <2019-09-drop1 | |
CVE-2019-15288 is a vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software that allows an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell.
The severity of CVE-2019-15288 is high, with a severity value of 8.8.
Cisco TelePresence Codec (versions before 7.3.19), Cisco TelePresence Collaboration Endpoint (versions before 9.8.1), and Cisco RoomOS (versions before 2019-09-drop1) are affected by CVE-2019-15288.
An attacker can exploit CVE-2019-15288 by leveraging insufficient input validation in the CLI and escalating privileges to an unrestricted user of the restricted shell.
You can find more information about CVE-2019-15288 at the following reference link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telepres-roomos-privesc).