CVE-2019-15273

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Collaboration Endpoint (CE) Software (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the CLI of the software due to insufficient permission enforcement and input validation. An authenticated, local attacker could exploit these vulnerabilities by submitting malicious input to specific commands, potentially allowing them to overwrite arbitrary files on the underlying filesystem. The attacker has no control over the contents of the data written to the file. Overwriting a critical file could cause the device to crash, resulting in a denial of service condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.