CVE-2019-15962

MEDIUM Year: 2019
CVSS v3 Score
4.4
Medium
CVSS v2 Score
6.6
Medium
Weakness Type
CWE-275
View all →

Vulnerability Description

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device.

Related Vulnerabilities

CVE-2012-5628

MEDIUM
CVSS:4.4(Medium)

gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries.

CWE-2752012

CVE-2016-6648

MEDIUM
CVSS:4.4(Medium)

EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissio...

CWE-2752016

CVE-2013-4201

MEDIUM
CVSS:4.3(Medium)

Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.

CWE-2752013

CVE-2016-2406

MEDIUM
CVSS:4.3(Medium)

The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by le...

CWE-2752016

CVE-2016-4873

MEDIUM
CVSS:4.3(Medium)

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.

CWE-2752016

CVE-2016-9461

MEDIUM
CVSS:4.3(Medium)

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on ...

CWE-2752016