CVE-2019-12622

CVE Database · CVE-2019-12622

CVE-2019-12622

· MEDIUMModified

CVSS v3.1

5.5

EPSS

0.26%

Published

Aug 21, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-275

Affected Products (8)

cisco · telepresence_codec_c40_firmwarevulnerable

cisco · telepresence_codec_c40

cisco · telepresence_codec_c60_firmwarevulnerable

cisco · telepresence_codec_c60

cisco · telepresence_codec_c90_firmwarevulnerable

cisco · telepresence_codec_c90

cisco · roomosvulnerable