A vulnerability, which was classified as critical, has been found in Cisco TelePresence Collaboration Endpoint, TelePresence Codec and RoomOS (Unified Communication Software) (unknown version). This issue affects an unknown code block of the component CLI. The manipulation with an unknown input leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device.

The weakness was presented 11/26/2019 as cisco-sa-20191106-telepres-roo as confirmed advisory (Website). The advisory is shared at tools.cisco.com. The identification of this vulnerability is CVE-2019-15288 since 08/20/2019. The attack may be initiated remotely. The requirement for exploitation is a simple authentication. Neither technical details nor an exploit are publicly available.

Upgrading eliminates this vulnerability.

Productinfo

Type

• Unified Communication Software

Vendor

• Cisco

Name

• RoomOS
• TelePresence Codec
• TelePresence Collaboration Endpoint

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion