Cisco TelePresence Collaboration Endpoint Software Command Injection Vulnerability
CVE-2019-15274

6.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Telepresence Tc Software
Vendor: CVE Published:; 16 October 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as an administrative level user within the restricted shell and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute previously staged code from the underlying filesystem.

Affected Version(s)

Cisco TelePresence TC Software < unspecified

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Aug 20, 2019