CVE-2019-12622

Description

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.

Related CPE's

ociscotelepresence_codec_c40_firmware-*******

hciscotelepresence_codec_c40-*******

ociscotelepresence_codec_c60_firmware-*******

hciscotelepresence_codec_c60-*******

ociscotelepresence_codec_c90_firmware-*******

hciscotelepresence_codec_c90-*******

ociscoroomos********

ociscoroomos********

References

20190821 Cisco RoomOS Software Privilege Escalation Vulnerability

Vendor Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

NONE

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

5.5

VectorString

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:N/I:P/A:N

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

2.0999999046325684

Created by Yello
About Severity.io