Rapid7 Vulnerability & Exploit Database

Cisco TelePresence: Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities (CVE-2019-15273)

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:N/I:C/A:C)
Published: 10/16/2019
Created: 10/23/2019
Added: 10/22/2019
Modified: 10/23/2019

Description

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by authenticating as the remote support user and submitting malicious input to specific commands. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying filesystem. The attacker has no control over the contents of the data written to the file. Overwriting a critical file could cause the device to crash, resulting in a denial of service (DoS) condition.

Solution(s)

  • cisco-telepresence-upgrade-latest
