CVE-2019-1878

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software (affected versions not specified)

Description A vulnerability in the Cisco Discovery Protocol (CDP) implementation could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The issue is due to insufficient input validation of received CDP packets. An attacker could exploit this by sending crafted CDP packets to an affected device, potentially allowing the execution of arbitrary shell commands or scripts on the targeted device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.