Details of VAR-201910-1695

ID

VAR-201910-1695

CVE

CVE-2019-15274

TITLE

Cisco TelePresence Collaboration Endpoint In software OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011139

DESCRIPTION

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as an administrative level user within the restricted shell and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute previously staged code from the underlying filesystem

Trust: 1.71

sources: NVD: CVE-2019-15274 // JVNDB: JVNDB-2019-011139 // VULHUB: VHN-147304

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence collaboration endpoint	scope:	lt	version:	9.8.1	Trust: 1.0
vendor:	cisco	model:	telepresence ce software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-011139 // NVD: CVE-2019-15274

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15274
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15274
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-15274
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201910-1098
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-147304
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-15274
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-147304
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-15274
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15274
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2019-15274
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-147304 // JVNDB: JVNDB-2019-011139 // CNNVD: CNNVD-201910-1098 // NVD: CVE-2019-15274 // NVD: CVE-2019-15274

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.9
problemtype:	CWE-20	Trust: 1.0

sources: VULHUB: VHN-147304 // JVNDB: JVNDB-2019-011139 // NVD: CVE-2019-15274

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1098

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1098

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011139

PATCH

title:

cisco-sa-20191016-tele-ce-cmdinj

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-cmdinj

Trust: 0.8

sources: JVNDB: JVNDB-2019-011139

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15274	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-011139	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-1098	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3876	Trust: 0.6
db:	VULHUB	id:	VHN-147304	Trust: 0.1

sources: VULHUB: VHN-147304 // JVNDB: JVNDB-2019-011139 // CNNVD: CNNVD-201910-1098 // NVD: CVE-2019-15274

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-cmdinj	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15274	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15274	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-privescal	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-telepres-escalation	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-filewrite	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-tele-ce-file-ovrwrt	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3876/	Trust: 0.6

sources: VULHUB: VHN-147304 // JVNDB: JVNDB-2019-011139 // CNNVD: CNNVD-201910-1098 // NVD: CVE-2019-15274

SOURCES

db:	VULHUB	id:	VHN-147304
db:	JVNDB	id:	JVNDB-2019-011139
db:	CNNVD	id:	CNNVD-201910-1098
db:	NVD	id:	CVE-2019-15274

LAST UPDATE DATE

2024-11-23T21:36:34.860000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-147304	date:	2019-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-011139	date:	2019-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-1098	date:	2021-11-02T00:00:00
db:	NVD	id:	CVE-2019-15274	date:	2024-11-21T04:28:21.370

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-147304	date:	2019-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-011139	date:	2019-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-1098	date:	2019-10-16T00:00:00
db:	NVD	id:	CVE-2019-15274	date:	2019-10-16T19:15:14.817