PT-2019-2438 · Cisco · Cisco Telepresence Codec (Tc)/Collaboration Endpoint (Ce)

Published

2019-06-19

Updated

2019-10-09

CVE-2019-1878

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software (affected versions not specified)

Description A vulnerability in the Cisco Discovery Protocol (CDP) implementation could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The issue is due to insufficient input validation of received CDP packets. An attacker could exploit this by sending crafted CDP packets to an affected device, potentially allowing the execution of arbitrary shell commands or scripts on the targeted device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2019-02216

CVE-2019-1878

Affected Products

Cisco Telepresence Codec (Tc)/Collaboration Endpoint (Ce)

PT-2019-2438 · Cisco · Cisco Telepresence Codec (Tc)/Collaboration Endpoint (Ce)

CVE-2019-1878

Weakness Enumeration

Related Identifiers

Affected Products

References · 7