PT-2019-4327 · Cisco · Cisco Roomos +1

Published 2019-11-20 · Updated 2020-10-16 · CVE-2019-15967

CVSS v3.1: 4.4 Medium

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software (affected versions not specified)

Description

The issue is related to a vulnerability in the CLI of the affected software, which could allow an authenticated, local attacker to enable audio recording without notifying users. This is due to unnecessary debug commands. An attacker could exploit this by gaining unrestricted access to the restricted shell and using specific debug commands, potentially allowing them to enable the microphone of an affected device to record audio without user notification. The vulnerability is also associated with inadequate access control.

Recommendations

For Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software, consider restricting access to the restricted shell and disabling unnecessary debug commands as a temporary workaround until a patch is available. Restricting access to the CLI and limiting the use of debug commands can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2020-00042
CVE-2019-15967

Affected Products

Cisco Roomos
Cisco Telepresence Collaboration Endpoint