CVE-2019-12622
Cisco RoomOS Software Privilege Escalation Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.
SSVC
- Decision: Track
Timeline
- 2019-06-04 CVE Reserved
- 2019-08-21 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-21 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-275: Permission Issues
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status
---|---|---|---|---|---|---|---|---|---|---
Cisco | Telepresence Codec C40 Firmware | - | - | Affected | in | Cisco | Telepresence Codec C40 | - | - | Safe
Cisco | Telepresence Codec C60 Firmware | - | - | Affected | in | Cisco | Telepresence Codec C60 | - | - | Safe
Cisco | Telepresence Codec C90 Firmware | - | - | Affected | in | Cisco | Telepresence Codec C90 | - | - | Safe
Cisco | Roomos | <= 9.7.2 | - | Affected | | | | | |
Cisco | Roomos | > 9.7.3 < 9.8.0 | - | Affected | | | | | |