Published: 20/06/2019 Updated: 09/10/2019

CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 739

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent malicious user to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the malicious user to execute arbitrary shell commands or scripts on the targeted device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco telepresence ce
cisco telepresence tc

A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device The vulnerability is due to insufficient input validation of received CDP packets A ...

CWE-78 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-tele-shell-inj http://www.securityfocus.com/bid/108883 https://nvd.nist.gov https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-tele-shell-inj

CVE-2019-1878

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect