Vulnerability Description
A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Telepresence Codec C40 Firmware | - |
| Cisco | Telepresence Codec C40 | - |
| Cisco | Telepresence Codec C60 Firmware | - |
| Cisco | Telepresence Codec C60 | - |
| Cisco | Telepresence Codec C90 Firmware | - |
| Cisco | Telepresence Codec C90 | - |
| Cisco | Roomos | <= 9.7.2 |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-12622?
CVE-2019-12622 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permiss...
How severe is CVE-2019-12622?
CVE-2019-12622 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12622?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Telepresence Codec C40 Firmware, Cisco Telepresence Codec C40, Cisco Telepresence Codec C60 Firmware, Cisco Telepresence Codec C60, Cisco Telepresence Codec C90 Firmware.