CVE-2019-15288— Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-15288
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco TelePresence CE Software、TC Software和RoomOS Software 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco TelePresence CE Software 9.8.1之前版本、TC Software 7.3.19之前版本和Cisco RoomOS Software中的CLI存在输入验证错误漏洞,该漏洞源于不充分的输入验证。远程攻击者可利用该漏洞获取不受限的用户访问权限,来访问受限的shell。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco TelePresence TC Software | unspecified ~ n/a | - |
II. Public POCs for CVE-2019-15288
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-15288
请登录查看更多情报信息。
Same Patch Batch · Cisco · 2019-11-26 · 24 CVEs total
| CVE-2019-15998 | Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability | |
| CVE-2019-15973 | Cisco Industrial Network Director Reflected Cross-Site Scripting Vulnerability | |
| CVE-2019-15967 | Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability | |
| CVE-2019-15960 | Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability | |
| CVE-2019-15958 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution | |
| CVE-2019-15956 | Cisco Web Security Appliance Unauthorized Device Reset Vulnerability | |
| CVE-2019-15286 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne | |
| CVE-2019-15284 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne | |
| CVE-2019-15276 | Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability | |
| CVE-2019-15271 | Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution V | |
| CVE-2019-16002 | Cisco SD-WAN Solution vManage Cross-Site Request Forgery Vulnerability | |
| CVE-2019-16001 | Cisco Webex Teams for Windows DLL Hijacking Vulnerability | |
| CVE-2019-15968 | Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability | |
| CVE-2019-15997 | Cisco DNA Spaces: Connector Command Injection Vulnerability | |
| CVE-2019-15996 | Cisco DNA Spaces: Connector Privilege Escalation Vulnerability | |
| CVE-2019-15995 | Cisco DNA Spaces: Connector SQL Injection Vulnerability | |
| CVE-2019-15994 | Cisco Stealthwatch Enterprise Cross-Site Scripting Vulnerability | |
| CVE-2019-15990 | Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulner | |
| CVE-2019-15988 | Cisco Email Security Appliance URL Filtering Bypass Vulnerability | |
| CVE-2019-15987 | Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability |
Showing top 20 of 24 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Cisco TelePresence TC Software
- CVE-2019-15289
Cisco TelePresence Collaboration Endpoint and RoomOS Softwar - CVE-2020-3143
Cisco TelePresence Collaboration Endpoint, TelePresence Code - CVE-2019-15967
Cisco TelePresence Collaboration Endpoint and RoomOS Audio E - CVE-2019-15962
Cisco TelePresence Collaboration Endpoint Software Arbitrary - CVE-2019-15275
Cisco TelePresence Collaboration Endpoint Software Privilege
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-20
V. Comments for CVE-2019-15288
No comments yet