CVE-2019-15273

Description

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by authenticating as the remote support user and submitting malicious input to specific commands. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying filesystem. The attacker has no control over the contents of the data written to the file. Overwriting a critical file could cause the device to crash, resulting in a denial of service condition (DoS).

Risk Information

Base Score

4.4

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS Score

Exploitation Probability

0.221

Associated Vulnerability

Vulnerability	OS Platform
Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities For Cisco Telepresence Integrator C Series	NCM
CVE-2019-15273	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706043	Security Update for Cisco Telepresence Integrator C Series 9.1.1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234