CVE-2019-12622 MEDIUM

CVE-2019-12622: Cisco RoomOS Software Privilege Escalation Vulnerability

Vendor: Cisco
Product: Cisco TelePresence CE Software
Weakness: CWE-275
Published: August 21, 2019
Last update: November 21, 2024

CVSS base score

4.1/10
Attack vector: Local
Attack complexity: High
Privileges required: High
User interaction: None
Confidentiality: None
Integrity: High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying file system with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials, initiating the specific process on the device, and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.

Key dates

02 Disclosure timeline

August 21, 2019: CVE published
November 21, 2024: Record updated