How severe is CVE-2019-15967?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2019-15967?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2019-15967 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit this vulnerability by gaining unrestricted access to the restricted shell and using the specific debug commands. A successful exploit could allow the attacker to enable the microphone of an affected device to record audio without notifying users.

Related Vulnerabilities

CVE-2015-2008

MEDIUM

CVSS:4.4(Medium)

IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive i...

CWE-2842015

CVE-2016-10549

MEDIUM

CVSS:4.4(Medium)

Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the valu...

CWE-2842016

CVE-2016-8222

MEDIUM

CVSS:4.4(Medium)

A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mod...

CWE-2842016

CVE-2017-18457

MEDIUM

CVSS:4.4(Medium)

cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218).

CWE-2842017

CVE-2020-7253

MEDIUM

CVSS:4.4(Medium)

Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line ut...

CWE-2842020

CVE-2021-1583

MEDIUM

CVSS:4.4(Medium)

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local ...

CWE-2842021