{"containers": {"cna": {"affected": [{"product": "Cisco TelePresence CE Software", "vendor": "Cisco", "versions": [{"lessThan": "ce-9.7.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-08-21T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-275", "description": "CWE-275", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-08-21T18:00:23", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190821 Cisco RoomOS Software Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc"}], "source": {"advisory": "cisco-sa-20190821-roomos-privesc", "defect": [["CSCvp79711"]], "discovery": "INTERNAL"}, "title": "Cisco RoomOS Software Privilege Escalation Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-08-21T16:00:00-0700", "ID": "CVE-2019-12622", "STATE": "PUBLIC", "TITLE": "Cisco RoomOS Software Privilege Escalation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco TelePresence CE Software", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "ce-9.7.3"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "4.1", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-275"}]}]}, "references": {"reference_data": [{"name": "20190821 Cisco RoomOS Software Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc"}]}, "source": {"advisory": "cisco-sa-20190821-roomos-privesc", "defect": [["CSCvp79711"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:24:39.147Z"}, "title": "CVE Program Container", "references": [{"name": "20190821 Cisco RoomOS Software Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-12622", "datePublished": "2019-08-21T18:00:23.216856Z", "dateReserved": "2019-06-04T00:00:00", "dateUpdated": "2024-09-16T23:25:35.833Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*", "matchCriteriaId": "B87CEA3A-2CF3-48DF-935F-31553CAC1ED8", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AF8E71F-0EDA-473A-A673-E29CAC50C256", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*", "matchCriteriaId": "0754B77C-E888-461E-AA1E-74B78DA59B78", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7549095E-BC00-449F-98AD-2FDF61506AB0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BFF6AA3-4850-40A3-8211-82F60F14ACD3", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "53020625-037E-46A9-B970-C30802BDC111", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C266A27-F825-459A-855F-F2601832E014", "versionEndIncluding": "9.7.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E95BCCD3-AE74-409D-836F-D92747B2402D", "versionEndExcluding": "9.8.0", "versionStartExcluding": "9.7.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges."}, {"lang": "es", "value": "Una vulnerabilidad en el software Cisco RoomOS podr\u00eda permitir que un atacante local autenticado escriba archivos en el sistema de archivos subyacente con privilegios de root. La vulnerabilidad se debe a restricciones de permisos insuficientes en un proceso espec\u00edfico. Un atacante podr\u00eda aprovechar esta vulnerabilidad iniciando sesi\u00f3n en un dispositivo afectado con credenciales de soporte remoto e iniciando el proceso espec\u00edfico en el dispositivo y enviando datos dise\u00f1ados a ese proceso. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante escribir archivos en el sistema de archivos subyacente con privilegios de root."}], "id": "CVE-2019-12622", "lastModified": "2020-10-08T14:43:13.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-21T18:15:13.430", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-275"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}