CVE-2019-12622

Cisco RoomOS Software Privilege Escalation Vulnerability

Severity Score: 5.5 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: Track (SSVC)

Descriptions

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.

*Credits: N/A
CVSS Scores
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Attack Vector: Local
Attack Complexity: Low
Authentication: None
Confidentiality: None
Integrity: Partial
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2019-06-04 CVE Reserved
  • 2019-08-21 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-11-21 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-275: Permission Issues
CAPEC
Affected Vendors, Products, and Versions
Vendor    Product                          Version          Other  Status
Cisco     Telepresence Codec C40 Firmware  --                      Affected
in Cisco  Telepresence Codec C40           --                      Safe
Cisco     Telepresence Codec C60 Firmware  --                      Affected
in Cisco  Telepresence Codec C60           --                      Safe
Cisco     Telepresence Codec C90 Firmware  --                      Affected
in Cisco  Telepresence Codec C90           --                      Safe
Cisco     Roomos                           <= 9.7.2         -      Affected
Cisco     Roomos                           > 9.7.3 < 9.8.0  -      Affected