var-201906-0292
Vulnerability from variot
A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts on the targeted device. Cisco TelePresence Endpoint is prone to a command-injection vulnerability. This issue is being tracked by Cisco Bug ID CSCvo28194. The following products of the Cisco are vulnerable: Cisco TelePresence Integrator C Series Cisco TelePresence EX Series Cisco TelePresence MX Series Cisco TelePresence SX Series Cisco Webex Room Series. Collaboration Endpoint (CE) Software is a set of terminal collaboration software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0292",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telepresence ce",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "8.3.7"
},
{
"model": "telepresence ce",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0"
},
{
"model": "telepresence tc",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0"
},
{
"model": "telepresence ce",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0"
},
{
"model": "telepresence tc",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.3.17"
},
{
"model": "telepresence ce",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.3"
},
{
"model": "telepresence ce",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.3"
},
{
"model": "telepresence ce",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.0"
},
{
"model": "telepresence ce software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "telepresence tc software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "telepresence ce software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3.1"
},
{
"model": "telepresence tc software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.1"
},
{
"model": "telepresence ce software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.3.7"
},
{
"model": "telepresence tc software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1"
},
{
"model": "telepresence tc software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.1"
},
{
"model": "telepresence tc software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.4"
},
{
"model": "telepresence sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence ce software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7.1"
},
{
"model": "telepresence ce software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.1"
},
{
"model": "telepresence tc software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.17"
},
{
"model": "telepresence ce software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.1"
},
{
"model": "telepresence ce software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1"
},
{
"model": "telepresence ce software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1"
},
{
"model": "telepresence tc software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.2"
},
{
"model": "telepresence ce software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5.1"
},
{
"model": "telepresence tc software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.4"
},
{
"model": "telepresence tc software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.2"
},
{
"model": "telepresence tc software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2"
},
{
"model": "webex room series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence tc software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.5"
},
{
"model": "telepresence ce software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "telepresence tc software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3"
},
{
"model": "telepresence tc software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.3"
},
{
"model": "telepresence integrator c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence ce software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.1"
},
{
"model": "telepresence ce software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5.3"
},
{
"model": "telepresence tc software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.1"
},
{
"model": "telepresence tc software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.3"
},
{
"model": "telepresence ce software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2.1"
}
],
"sources": [
{
"db": "BID",
"id": "108883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005801"
},
{
"db": "NVD",
"id": "CVE-2019-1878"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:telepresence_ce_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:telepresence_tc_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005801"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco.",
"sources": [
{
"db": "BID",
"id": "108883"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-809"
}
],
"trust": 0.9
},
"cve": "CVE-2019-1878",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2019-1878",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-151160",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-1878",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2019-1878",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1878",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1878",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-1878",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-809",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-151160",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151160"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005801"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-809"
},
{
"db": "NVD",
"id": "CVE-2019-1878"
},
{
"db": "NVD",
"id": "CVE-2019-1878"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts on the targeted device. Cisco TelePresence Endpoint is prone to a command-injection vulnerability. \nThis issue is being tracked by Cisco Bug ID CSCvo28194. \nThe following products of the Cisco are vulnerable:\nCisco TelePresence Integrator C Series\nCisco TelePresence EX Series\nCisco TelePresence MX Series\nCisco TelePresence SX Series\nCisco Webex Room Series. Collaboration Endpoint (CE) Software is a set of terminal collaboration software",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1878"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005801"
},
{
"db": "BID",
"id": "108883"
},
{
"db": "VULHUB",
"id": "VHN-151160"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1878",
"trust": 2.8
},
{
"db": "BID",
"id": "108883",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005801",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-809",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2208",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-151160",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151160"
},
{
"db": "BID",
"id": "108883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005801"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-809"
},
{
"db": "NVD",
"id": "CVE-2019-1878"
}
]
},
"id": "VAR-201906-0292",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-151160"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:16:59.047000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190619-tele-shell-inj",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-tele-shell-inj"
},
{
"title": "Cisco TelePresence Codec and Collaboration Endpoint Software Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93958"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005801"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-809"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151160"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005801"
},
{
"db": "NVD",
"id": "CVE-2019-1878"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-tele-shell-inj"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/108883"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1878"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1878"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2208/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151160"
},
{
"db": "BID",
"id": "108883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005801"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-809"
},
{
"db": "NVD",
"id": "CVE-2019-1878"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-151160"
},
{
"db": "BID",
"id": "108883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005801"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-809"
},
{
"db": "NVD",
"id": "CVE-2019-1878"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-151160"
},
{
"date": "2019-06-19T00:00:00",
"db": "BID",
"id": "108883"
},
{
"date": "2019-07-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005801"
},
{
"date": "2019-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-809"
},
{
"date": "2019-06-20T03:15:12.230000",
"db": "NVD",
"id": "CVE-2019-1878"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-151160"
},
{
"date": "2019-06-19T00:00:00",
"db": "BID",
"id": "108883"
},
{
"date": "2019-07-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005801"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-809"
},
{
"date": "2024-11-21T04:37:35.903000",
"db": "NVD",
"id": "CVE-2019-1878"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco TelePresence Codec and Collaboration Endpoint In software OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005801"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-809"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.