Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-12622

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.

Published

2019-08-21T18:15:13.430

Last Modified

2024-11-21T04:23:12.533

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-275
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	telepresence_codec_c40_firmware	-	Yes
Hardware	cisco	telepresence_codec_c40	-	No
Operating System	cisco	telepresence_codec_c60_firmware	-	Yes
Hardware	cisco	telepresence_codec_c60	-	No
Operating System	cisco	telepresence_codec_c90_firmware	-	Yes
Hardware	cisco	telepresence_codec_c90	-	No
Operating System	cisco	roomos	≤ 9.7.2	Yes
Operating System	cisco	roomos	< 9.8.0	Yes

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)