Details of VAR-201901-0362

ID

VAR-201901-0362

CVE

CVE-2019-1636

TITLE

Cisco Webex Teams client In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001357

DESCRIPTION

A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. Cisco Webex Teams client Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbitrary commands. Cisco Webex Teams is prone to a local untrusted search path vulnerability. This issue being tracked by Cisco Bug ID CSCvm25955. Versions prior to Cisco Webex Teams 3.0.10260 are vulnerable. The program includes features such as video conferencing, group messaging and file sharing

Trust: 2.7

sources: NVD: CVE-2019-1636 // JVNDB: JVNDB-2019-001357 // ZDI: ZDI-19-129 // BID: 106718 // VULHUB: VHN-148498 // VULMON: CVE-2019-1636

AFFECTED PRODUCTS

vendor:	cisco	model:	webex teams	scope:	eq	version:	3.0.4533	Trust: 1.0
vendor:	cisco	model:	webex teams	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex	scope:	-	version:	-	Trust: 0.7
vendor:	cisco	model:	webex teams	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	webex teams	scope:	ne	version:	3.0.10260	Trust: 0.3

sources: ZDI: ZDI-19-129 // BID: 106718 // JVNDB: JVNDB-2019-001357 // NVD: CVE-2019-1636

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1636
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1636
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1636
value:	HIGH
Trust: 0.8
ZDI:	CVE-2019-1636
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201901-849
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148498
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-1636
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1636
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-148498
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1636
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 2.8
ZDI:	CVE-2019-1636
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-19-129 // VULHUB: VHN-148498 // VULMON: CVE-2019-1636 // JVNDB: JVNDB-2019-001357 // CNNVD: CNNVD-201901-849 // NVD: CVE-2019-1636 // NVD: CVE-2019-1636

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-148498 // JVNDB: JVNDB-2019-001357 // NVD: CVE-2019-1636

THREAT TYPE

local

Trust: 0.9

sources: BID: 106718 // CNNVD: CNNVD-201901-849

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201901-849

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001357

PATCH

title:	cisco-sa-20190123-webex-teams	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams	Trust: 1.5
title:	Cisco Webex Teams Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88931	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2019/01/24/cisco_sd_wan_bugs/	Trust: 0.2
title:	Cisco: Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190123-webex-teams	Trust: 0.1
title:	EAOrigin_remote_code	url:	https://github.com/segregator/EAOrigin_remote_code	Trust: 0.1
title:	-	url:	https://github.com/b9q/EAOrigin_remote_code	Trust: 0.1
title:	sec-daily-2019	url:	https://github.com/alphaSeclab/sec-daily-2019	Trust: 0.1

sources: ZDI: ZDI-19-129 // VULMON: CVE-2019-1636 // JVNDB: JVNDB-2019-001357 // CNNVD: CNNVD-201901-849

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1636	Trust: 3.6
db:	BID	id:	106718	Trust: 2.1
db:	JVNDB	id:	JVNDB-2019-001357	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-7160	Trust: 0.7
db:	ZDI	id:	ZDI-19-129	Trust: 0.7
db:	CNNVD	id:	CNNVD-201901-849	Trust: 0.7
db:	NSFOCUS	id:	43899	Trust: 0.6
db:	CNVD	id:	CNVD-2020-12740	Trust: 0.1
db:	VULHUB	id:	VHN-148498	Trust: 0.1
db:	VULMON	id:	CVE-2019-1636	Trust: 0.1

sources: ZDI: ZDI-19-129 // VULHUB: VHN-148498 // VULMON: CVE-2019-1636 // BID: 106718 // JVNDB: JVNDB-2019-001357 // CNNVD: CNNVD-201901-849 // NVD: CVE-2019-1636

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-webex-teams	Trust: 2.9
url:	http://www.securityfocus.com/bid/106718	Trust: 2.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1636	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1636	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/43899	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/segregator/eaorigin_remote_code	Trust: 0.1

sources: ZDI: ZDI-19-129 // VULHUB: VHN-148498 // VULMON: CVE-2019-1636 // BID: 106718 // JVNDB: JVNDB-2019-001357 // CNNVD: CNNVD-201901-849 // NVD: CVE-2019-1636

CREDITS

rgod of 9sg Security Team - rgod@9sgsec.com

Trust: 0.7

sources: ZDI: ZDI-19-129

SOURCES

db:	ZDI	id:	ZDI-19-129
db:	VULHUB	id:	VHN-148498
db:	VULMON	id:	CVE-2019-1636
db:	BID	id:	106718
db:	JVNDB	id:	JVNDB-2019-001357
db:	CNNVD	id:	CNNVD-201901-849
db:	NVD	id:	CVE-2019-1636

LAST UPDATE DATE

2024-08-14T15:23:14.757000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-129	date:	2019-01-25T00:00:00
db:	VULHUB	id:	VHN-148498	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2019-1636	date:	2019-10-09T00:00:00
db:	BID	id:	106718	date:	2019-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-001357	date:	2019-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201901-849	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-1636	date:	2019-10-09T23:47:34.330

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-19-129	date:	2019-01-25T00:00:00
db:	VULHUB	id:	VHN-148498	date:	2019-01-23T00:00:00
db:	VULMON	id:	CVE-2019-1636	date:	2019-01-23T00:00:00
db:	BID	id:	106718	date:	2019-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-001357	date:	2019-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201901-849	date:	2019-01-24T00:00:00
db:	NVD	id:	CVE-2019-1636	date:	2019-01-23T22:29:00.493