-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3876
    Cisco TelePresence Collaboration Endpoint Software Vulnerabilities
                              17 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco TelePresence Collaboration Endpoint Software
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Root Compromise                 -- Existing Account
                   Execute Arbitrary Code/Commands -- Existing Account
                   Overwrite Arbitrary Files       -- Existing Account
                   Create Arbitrary Files          -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-15962 CVE-2019-15277 CVE-2019-15275
                   CVE-2019-15274 CVE-2019-15273 

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-file-ovrwrt
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-filewrite
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-cmdinj
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-telepres-escalation
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-privescal

Comment: This bulletin contains five (5) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite
Vulnerabilities

Priority:        Medium

Advisory ID:     cisco-sa-20191016-tele-ce-file-ovrwrt

First Published: 2019 October 16 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvq12165 CSCvq12169 CSCvq29898 CSCvq29899

CVE-2019-15273   

CWE-20

CVSS Score:
6.0  AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:X/RL:X/RC:X

Summary

  o Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration
    Endpoint (CE) Software could allow an authenticated, local attacker to
    overwrite arbitrary files.

    The vulnerabilities are due to insufficient permission enforcement. An
    attacker could exploit these vulnerabilities by authenticating as the
    remote support user and submitting malicious input to specific commands. A
    successful exploit could allow the attacker to overwrite arbitrary files on
    the underlying filesystem. The attacker has no control over the contents of
    the data written to the file. Overwriting a critical file could cause the
    device to crash, resulting in a denial of service (DoS) condition.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20191016-tele-ce-file-ovrwrt

Affected Products

  o Vulnerable Products

    At the time of publication, these vulnerabilities affected Cisco
    TelePresence CE Software releases earlier than Release 9.8.1.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco TelePresence CE Software releases 9.8.1
    and later contained the fix for these vulnerabilities.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o These vulnerabilities were found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20191016-tele-ce-file-ovrwrt

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-October-16 |
    +---------+--------------------------+---------+--------+-----------------+


- --------------------------------------------------------------------------------



Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write
Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-20191016-tele-ce-filewrite

First Published: 2019 October 16 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvq47315

CVE-2019-15962   

CWE-275

CVSS Score:
4.4  AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint
    (CE) Software could allow an authenticated, local attacker to write files
    to the /root directory of an affected device.

    The vulnerability is due to improper permission assignment. An attacker
    could exploit this vulnerability by logging in as the remotesupport user
    and writing files to the /root directory of an affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20191016-tele-ce-filewrite

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected the following Cisco
    products if they were running Cisco TelePresence CE Software release
    earlier than Release 9.8.1:

       Webex Board 55
       Webex Board 55S
       Webex Board 70
       Webex Board 70S
       Webex Board 85S
       Webex Room 55
       Webex Room 55 Dual
       Webex Room 70 Single
       Webex Room 70 Dual
       Webex Room 70 Single G2
       Webex Room 70 Dual G2
       Webex Room Kit
       Webex Room Kit Mini

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco TelePresence CE Software releases 9.8.1
    and later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20191016-tele-ce-filewrite

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-October-16 |
    +---------+--------------------------+---------+--------+-----------------+

- --------------------------------------------------------------------------------


Cisco TelePresence Collaboration Endpoint Software Command Injection
Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-20191016-tele-ce-cmdinj

First Published: 2019 October 16 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvq29893

CVE-2019-15274   

CWE-78

CVSS Score:
6.4  AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint
    (CE) Software could allow an authenticated, local attacker to perform
    command injection.

    The vulnerability is due to insufficient input validation. An attacker
    could exploit this vulnerability by authenticating as an administrative
    level user within the restricted shell and submitting malicious input to a
    specific command. A successful exploit could allow the attacker to execute
    code that was previously staged on the underlying filesystem.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20191016-tele-ce-cmdinj

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco TelePresence
    CE Software releases earlier than Release 9.8.1.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco TelePresence CE Software releases 9.8.1
    and later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20191016-tele-ce-cmdinj

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-October-16 |
    +---------+--------------------------+---------+--------+-----------------+

- --------------------------------------------------------------------------------


Cisco TelePresence Collaboration Endpoint Software Privilege Escalation
Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-20191016-telepres-escalation

First Published: 2019 October 16 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvp93715

CVE-2019-15277   

CWE-264

CVSS Score:
6.4  AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint
    (CE) Software could allow an authenticated, local attacker to execute code
    with root privileges.

    The vulnerability is due to insufficient input validation. An attacker
    could exploit this vulnerability by authenticating as the remote support
    user and sending malicious traffic to a listener that is internal to the
    device. A successful exploit could allow the attacker to execute commands
    with root privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20191016-telepres-escalation

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco TelePresence
    CE Software releases earlier than Release 9.8.0.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco TelePresence CE Software releases 9.8.0
    and later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20191016-telepres-escalation

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-October-16 |
    +---------+--------------------------+---------+--------+-----------------+


- --------------------------------------------------------------------------------


Cisco TelePresence Collaboration Endpoint Software Privilege Escalation
Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-20191016-tele-ce-privescal

First Published: 2019 October 16 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvq29890 CSCvq29895

CVE-2019-15275   

CWE-264

CVSS Score:
6.7  AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint
    (CE) Software could allow an authenticated, local attacker to execute
    arbitrary commands with root privileges.

    The vulnerability is due to insufficient input validation. An attacker
    could exploit this vulnerability by authenticating as the remote support
    user and submitting malicious input to a specific command. A successful
    exploit could allow the attacker to execute arbitrary commands on the
    underlying operating system (OS) with root privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20191016-tele-ce-privescal

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco TelePresence
    CE Software releases earlier than Release 9.8.1.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco TelePresence CE Software releases 9.8.1
    and later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.
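    As an added practitioner check (this is not code from Cisco or from the
    AusCERT bulletin), the following Python snippet maps the five CVEs in
    this bulletin to the fixed releases stated in each advisory (CE 9.8.1 for
    four of them, CE 9.8.0 for CVE-2019-15277) and reports which CVEs a given
    device's CE release still lacks a fix for. The version-string format it
    parses (an optional "ce" prefix, a dotted numeric release, an optional
    build suffix) and the sample inventory are assumptions; confirm the
    release string format reported by your devices before relying on it, and
    remember that a release listed as fixed here may still be affected by
    later advisories.

```python
"""Classify a Cisco TelePresence CE release against the five advisories in
ESB-2019.3876. Added example; not Cisco or AusCERT code."""
import re

# Fixed releases as stated in each advisory's "Fixed Releases" section.
# Four advisories are fixed in CE 9.8.1; the remote-support-user
# escalation (CVE-2019-15277) is fixed in CE 9.8.0.
FIXED_IN = {
    "CVE-2019-15273": ("cisco-sa-20191016-tele-ce-file-ovrwrt", (9, 8, 1)),
    "CVE-2019-15962": ("cisco-sa-20191016-tele-ce-filewrite", (9, 8, 1)),
    "CVE-2019-15274": ("cisco-sa-20191016-tele-ce-cmdinj", (9, 8, 1)),
    "CVE-2019-15277": ("cisco-sa-20191016-telepres-escalation", (9, 8, 0)),
    "CVE-2019-15275": ("cisco-sa-20191016-tele-ce-privescal", (9, 8, 1)),
}

# Assumed version format: optional "ce" prefix, then major.minor.patch,
# optionally followed by a build suffix that is ignored.
_VERSION_RE = re.compile(r"(?i)^(?:ce)?\s*(\d+)\.(\d+)\.(\d+)")


def parse_ce_version(text):
    """Return (major, minor, patch) as ints from a CE version string.

    Raises ValueError if the string does not match the assumed format.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised CE version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def unfixed_cves(version_text):
    """Return the sorted CVE IDs from this bulletin whose fixed release is
    later than the given release (i.e. the release has no fix for them)."""
    v = parse_ce_version(version_text)
    return sorted(cve for cve, (_, fixed) in FIXED_IN.items() if v < fixed)


def report(inventory):
    """inventory: dict of device name -> version string.

    Returns dict of device name -> list of unfixed CVE IDs (empty list means
    the release contains the fixes for all five advisories).
    """
    return {name: unfixed_cves(ver) for name, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; device names and releases are made up.
    sample = {
        "room-kit-lab": "ce9.7.2",
        "board-55-hq": "ce9.8.0",
        "room-70-g2": "ce9.8.1",
    }
    for device, cves in report(sample).items():
        status = ", ".join(cves) or "no outstanding CVEs from ESB-2019.3876"
        print(f"{device}: {status}")
```

    The comparison is a plain tuple compare on (major, minor, patch), so a
    release such as 9.10.0 correctly sorts after 9.8.1; a string that does
    not parse raises rather than silently reporting the device as patched.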

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20191016-tele-ce-privescal

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-October-16 |
    +---------+--------------------------+---------+--------+-----------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----