
Cisco RoomOS Software Privilege Escalation Vulnerability

cisco-sa-20190821-roomos-privesc · Medium · Published · Updated

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-roomos-privesc


Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2019-12622
Cisco Bug IDs: CSCvp79711
CVSS Score: Base 4.1 (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco TelePresence CE Software, Cisco RoomOS Software

Related Products

Product | CVE | Evidence
Cisco TelePresence CE Software | CVE-2019-12622 | Cisco OpenVuln
Cisco TelePresence | CVE-2019-12622 | Cisco OpenVuln
Cisco RoomOS Software | CVE-2019-12622 | Cisco OpenVuln