CVE-2019-15289

CVE Database · CVE-2019-15289

CVE-2019-15289

· HIGHModified

CVSS v3.1

7.5

EPSS

1.37%

Published

Sep 22, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted traffic to the video service of an affected endpoint. A successful exploit could allow the attacker to cause the video service to crash, resulting in a DoS condition on an affected device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (7)

cisco · roomosvulnerable

cisco · telepresence_collaboration_endpoint (up to 9.8.0)vulnerable

cisco · webex_board_55

cisco · webex_board_55s

cisco · webex_board_70

cisco · webex_board_70s

cisco · webex_board_85s

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telepres-roomos-dos

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telepres-roomos-dos

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs