CVE-2019-12622
CVE-2019-12622 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials, initiating the specific process on the device, and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying filesystem with root privileges.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | TelePresence Codec C40 Firmware | All versions |
| Cisco | TelePresence Codec C60 Firmware | All versions |
| Cisco | TelePresence Codec C90 Firmware | All versions |
| Cisco | RoomOS | <= 9.7.2 |
| Cisco | RoomOS | > 9.7.3, < 9.8.0 |
Timeline
- Status: Modified
Source: NVD / NIST
