CVE-2019-1878
Summary
| CVE | CVE-2019-1878 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-06-20 03:15:00 UTC |
| Updated | 2019-10-09 23:48:00 UTC |
| Description | A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts on the targeted device. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Telepresence Ce | All | All | All | All |
| Application | Cisco | Telepresence Ce | All | All | All | All |
| Application | Cisco | Telepresence Tc | All | All | All | All |
| Application | Cisco | Telepresence Tc | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco TelePresence Endpoint CVE-2019-1878 Command Injection Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco TelePresence Endpoint Command Shell Injection Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.