PT-2019-3964 · Cisco · Cisco Roomos+2

Published: 2019-11-06 · Updated: 2019-12-10 · CVE-2019-15288

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco TelePresence Collaboration Endpoint (CE) (affected versions not specified)
Cisco TelePresence Codec (TC) (affected versions not specified)
Cisco RoomOS Software (affected versions not specified)

Description

A vulnerability in the CLI of Cisco devices could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The issue is due to insufficient input validation. An attacker could exploit this by including specific arguments when opening an SSH connection to an affected device, potentially gaining unrestricted user access to the restricted shell.

Recommendations

For Cisco TelePresence Collaboration Endpoint (CE), update to a version that addresses the insufficient input validation issue.
For Cisco TelePresence Codec (TC), update to a version that addresses the insufficient input validation issue.
For Cisco RoomOS Software, update to a version that addresses the insufficient input validation issue.
As a temporary workaround, consider restricting SSH connections to affected devices until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2019-04495
CVE-2019-15288

Affected Products

Cisco Roomos
Cisco Telepresence Codec
Cisco Telepresence Collaboration Endpoint