← volver
CVE-2019-15288

Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability

CVSS 8.8 HIGHEPSS 1.7%CWE-20
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.8EPSS 1.7%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
26 nov 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →