-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3876
      Cisco TelePresence Collaboration Endpoint Software Vulnerabilities
                              17 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco TelePresence Collaboration Endpoint Software
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Root Compromise                 -- Existing Account
                   Execute Arbitrary Code/Commands -- Existing Account
                   Overwrite Arbitrary Files       -- Existing Account
                   Create Arbitrary Files          -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-15962 CVE-2019-15277 CVE-2019-15275
                   CVE-2019-15274 CVE-2019-15273

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-file-ovrwrt
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-filewrite
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-cmdinj
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-telepres-escalation
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-privescal

Comment: This bulletin contains five (5) Cisco Systems security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite
Vulnerabilities

Priority:        Medium
Advisory ID:     cisco-sa-20191016-tele-ce-file-ovrwrt
First Published: 2019 October 16 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvq12165 CSCvq12169 CSCvq29898 CSCvq29899
CVE-2019-15273   CWE-20
CVSS Score:
6.0  AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:X/RL:X/RC:X

Summary

  o Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration
    Endpoint (CE) Software could allow an authenticated, local attacker to
    overwrite arbitrary files.

    The vulnerabilities are due to insufficient permission enforcement. An
    attacker could exploit these vulnerabilities by authenticating as the
    remote support user and submitting malicious input to specific commands. A
    successful exploit could allow the attacker to overwrite arbitrary files on
    the underlying filesystem. The attacker has no control over the contents of
    the data written to the file. Overwriting a critical file could cause the
    device to crash, resulting in a denial of service condition (DoS).

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-file-ovrwrt

Affected Products

  o Vulnerable Products

    At the time of publication, these vulnerabilities affected Cisco
    TelePresence CE Software releases earlier than Release 9.8.1.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

Workarounds

  o There are no workarounds that address these vulnerabilities.
Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco TelePresence CE Software releases 9.8.1
    and later contained the fix for these vulnerabilities.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o These vulnerabilities were found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-file-ovrwrt

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version | Description              | Section | Status | Date            |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-October-16 |
    +---------+--------------------------+---------+--------+-----------------+

- --------------------------------------------------------------------------------

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write
Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-20191016-tele-ce-filewrite
First Published: 2019 October 16 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvq47315
CVE-2019-15962   CWE-275
CVSS Score:
4.4  AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint
    (CE) Software could allow an authenticated, local attacker to write files
    to the /root directory of an affected device.

    The vulnerability is due to improper permission assignment. An attacker
    could exploit this vulnerability by logging in as the remotesupport user
    and writing files to the /root directory of an affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-filewrite

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected the following
    Cisco products if they were running Cisco TelePresence CE Software release
    earlier than Release 9.8.1:

       Webex Board 55
       Webex Board 55S
       Webex Board 70
       Webex Board 70S
       Webex Board 85S
       Webex Room 55
       Webex Room 55 Dual
       Webex Room 70 Single
       Webex Room 70 Dual
       Webex Room 70 Single G2
       Webex Room 70 Dual G2
       Webex Room Kit
       Webex Room Kit Mini

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.
Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco TelePresence CE Software releases 9.8.1
    and later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-filewrite

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version | Description              | Section | Status | Date            |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-October-16 |
    +---------+--------------------------+---------+--------+-----------------+

- --------------------------------------------------------------------------------

Cisco TelePresence Collaboration Endpoint Software Command Injection
Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-20191016-tele-ce-cmdinj
First Published: 2019 October 16 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvq29893
CVE-2019-15274   CWE-78
CVSS Score:
6.4  AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint
    (CE) Software could allow an authenticated, local attacker to perform
    command injections.

    The vulnerability is due to insufficient input validation. An attacker
    could exploit this vulnerability by authenticating as an administrative
    level user within the restricted shell and submitting malicious input to a
    specific command. A successful exploit could allow the attacker to execute
    previously staged code from the underlying filesystem.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-cmdinj

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco TelePresence
    CE Software releases earlier than Release 9.8.1.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.
Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco TelePresence CE Software releases 9.8.1
    and later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-cmdinj

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version | Description              | Section | Status | Date            |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-October-16 |
    +---------+--------------------------+---------+--------+-----------------+

- --------------------------------------------------------------------------------

Cisco TelePresence Collaboration Endpoint Software Privilege Escalation
Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-20191016-telepres-escalation
First Published: 2019 October 16 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvp93715
CVE-2019-15277   CWE-264
CVSS Score:
6.4  AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint
    (CE) Software could allow an authenticated, local attacker to execute code
    with root privileges.

    The vulnerability is due to insufficient input validation. An attacker
    could exploit this vulnerability by authenticating as the remote support
    user and sending malicious traffic to a listener that is internal to the
    device. A successful exploit could allow the attacker to execute commands
    with root privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-telepres-escalation

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco TelePresence
    CE Software releases earlier than Release 9.8.0.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.
Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco TelePresence CE Software releases 9.8.0
    and later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-telepres-escalation

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version | Description              | Section | Status | Date            |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-October-16 |
    +---------+--------------------------+---------+--------+-----------------+

- --------------------------------------------------------------------------------

Cisco TelePresence Collaboration Endpoint Software Privilege Escalation
Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-20191016-tele-ce-privescal
First Published: 2019 October 16 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvq29890 CSCvq29895
CVE-2019-15275   CWE-264
CVSS Score:
6.7  AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint
    (CE) Software could allow an authenticated, local attacker to execute
    arbitrary commands with root privileges.

    The vulnerability is due to insufficient input validation. An attacker
    could exploit this vulnerability by authenticating as the remote support
    user and submitting malicious input to a specific command. A successful
    exploit could allow the attacker to execute arbitrary commands on the
    underlying operating system (OS) with root privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-privescal

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco TelePresence
    CE Software releases earlier than Release 9.8.1.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.
Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco TelePresence CE Software releases 9.8.1
    and later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-privescal

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version | Description              | Section | Status | Date            |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-October-16 |
    +---------+--------------------------+---------+--------+-----------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXagEfWaOgq3Tt24GAQiQyA//TrbWVjZQrSlO4YO4DOHkGDAh0XfWE824
okuAU6g00lKzSkgsRVPG91sI2ctGAttWlh5FSgbbdPGG4XOHDhFp0w9fFZvoDMBk
3MKVcypGfHuca1PvPt7VXiV9y4P5JN7lnagbmIbo62OxjeHYkfRSYMa20RBTytqg
117M1XOLoFSk3uw/THwLaF8KCX+Y/Szi6UKHRCySjeLVFWM65deyDzbU29d4D6A6
1oLuAHDTSzIUdKszAYKfFZqIGknClsJGVlkAscBbrKO0YM+6G9SKlrJ63vyhxOJb
Tak6bCnNNlCdh+ddAQ0RcxZZbLB0ric+ZCgUtQ5UHTBUixH7T5kPJp4bssZDHsa4
Uy8rcyhdGg01HiOcsAf6uvQwUtB1Ae5uIrBcgofRjgCIk/hSDPJuJeiY1trtoYek
oi/ehMebKSLVGd1R197A4/cVemj0vl/mhxuwGplaYSC3Wq1mJDIdRcVaSdGQbUXE
rzA2QBYoOVjhzRB2ER045Uw6eAgrjkObHcnXd0ghRXO/aEp5PyMNroCfzaSDMUxm
yN1pQOCmqDdEAJ/z+ukkfA0cRfu8n9SFdU1Rm4uMuBeZprV0x5PenJtEMA+BsZpS
hN1sY9RnO2L/NWvF6gqj1jplu5AdeQz9rqV2QCcEfgcXNBrqdoANcATfMNutPY63
9QfIbumu73c=
=TGBS
-----END PGP SIGNATURE-----