ID

VAR-201910-0953


CVE

CVE-2019-15273


TITLE

Cisco TelePresence Collaboration Endpoint Permission management vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-011138

DESCRIPTION

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by authenticating as the remote support user and submitting malicious input to specific commands. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying filesystem. The attacker has no control over the contents of the data written to the file. Overwriting a critical file could cause the device to crash, resulting in a denial of service (DoS) condition.

Trust: 1.71

sources: NVD: CVE-2019-15273 // JVNDB: JVNDB-2019-011138 // VULHUB: VHN-147303

AFFECTED PRODUCTS

vendor: cisco, model: telepresence collaboration endpoint, scope: lt, version: 9.8.1

Trust: 1.0

vendor: cisco, model: telepresence ce software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-011138 // NVD: CVE-2019-15273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15273
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15273
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15273
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-1100
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147303
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15273
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147303
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15273
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15273
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: CVE-2019-15273
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-147303 // JVNDB: JVNDB-2019-011138 // CNNVD: CNNVD-201910-1100 // NVD: CVE-2019-15273 // NVD: CVE-2019-15273

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:CWE-269

Trust: 0.9

sources: VULHUB: VHN-147303 // JVNDB: JVNDB-2019-011138 // NVD: CVE-2019-15273

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1100

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-1100

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011138

PATCH

title: cisco-sa-20191016-tele-ce-file-ovrwrt, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-file-ovrwrt

Trust: 0.8

sources: JVNDB: JVNDB-2019-011138

EXTERNAL IDS

db: NVD, id: CVE-2019-15273

Trust: 2.5

db: JVNDB, id: JVNDB-2019-011138

Trust: 0.8

db: CNNVD, id: CNNVD-201910-1100

Trust: 0.7

db: AUSCERT, id: ESB-2019.3876

Trust: 0.6

db: VULHUB, id: VHN-147303

Trust: 0.1

sources: VULHUB: VHN-147303 // JVNDB: JVNDB-2019-011138 // CNNVD: CNNVD-201910-1100 // NVD: CVE-2019-15273

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-file-ovrwrt

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-15273

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15273

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-privescal

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-telepres-escalation

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-cmdinj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-filewrite

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3876/

Trust: 0.6

sources: VULHUB: VHN-147303 // JVNDB: JVNDB-2019-011138 // CNNVD: CNNVD-201910-1100 // NVD: CVE-2019-15273

SOURCES

db: VULHUB, id: VHN-147303
db: JVNDB, id: JVNDB-2019-011138
db: CNNVD, id: CNNVD-201910-1100
db: NVD, id: CVE-2019-15273

LAST UPDATE DATE

2024-11-23T21:36:34.951000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-147303, date: 2020-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-011138, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1100, date: 2020-10-10T00:00:00
db: NVD, id: CVE-2019-15273, date: 2024-11-21T04:28:21.247

SOURCES RELEASE DATE

db: VULHUB, id: VHN-147303, date: 2019-10-16T00:00:00
db: JVNDB, id: JVNDB-2019-011138, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1100, date: 2019-10-16T00:00:00
db: NVD, id: CVE-2019-15273, date: 2019-10-16T19:15:14.630