ID

VAR-201901-0362


CVE

CVE-2019-1636


TITLE

Cisco Webex Teams client In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001357

DESCRIPTION

A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. Cisco Webex Teams client Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbitrary commands. Cisco Webex Teams is prone to a local untrusted search path vulnerability. This issue being tracked by Cisco Bug ID CSCvm25955. Versions prior to Cisco Webex Teams 3.0.10260 are vulnerable. The program includes features such as video conferencing, group messaging and file sharing

Trust: 2.7

sources: NVD: CVE-2019-1636 // JVNDB: JVNDB-2019-001357 // ZDI: ZDI-19-129 // BID: 106718 // VULHUB: VHN-148498 // VULMON: CVE-2019-1636

AFFECTED PRODUCTS

vendor:ciscomodel:webex teamsscope:eqversion:3.0.4533

Trust: 1.0

vendor:ciscomodel:webex teamsscope: - version: -

Trust: 0.8

vendor:ciscomodel:webexscope: - version: -

Trust: 0.7

vendor:ciscomodel:webex teamsscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:webex teamsscope:neversion:3.0.10260

Trust: 0.3

sources: ZDI: ZDI-19-129 // BID: 106718 // JVNDB: JVNDB-2019-001357 // NVD: CVE-2019-1636

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1636
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1636
value: HIGH

Trust: 1.0

NVD: CVE-2019-1636
value: HIGH

Trust: 0.8

ZDI: CVE-2019-1636
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201901-849
value: HIGH

Trust: 0.6

VULHUB: VHN-148498
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1636
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1636
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-148498
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1636
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 2.8

ZDI: CVE-2019-1636
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-19-129 // VULHUB: VHN-148498 // VULMON: CVE-2019-1636 // JVNDB: JVNDB-2019-001357 // CNNVD: CNNVD-201901-849 // NVD: CVE-2019-1636 // NVD: CVE-2019-1636

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-148498 // JVNDB: JVNDB-2019-001357 // NVD: CVE-2019-1636

THREAT TYPE

local

Trust: 0.9

sources: BID: 106718 // CNNVD: CNNVD-201901-849

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201901-849

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001357

PATCH

title:cisco-sa-20190123-webex-teamsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams

Trust: 1.5

title:Cisco Webex Teams Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88931

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2019/01/24/cisco_sd_wan_bugs/

Trust: 0.2

title:Cisco: Cisco Webex Teams URI Handler Insecure Library Loading Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190123-webex-teams

Trust: 0.1

title:EAOrigin_remote_codeurl:https://github.com/segregator/EAOrigin_remote_code

Trust: 0.1

title: - url:https://github.com/b9q/EAOrigin_remote_code

Trust: 0.1

title:sec-daily-2019url:https://github.com/alphaSeclab/sec-daily-2019

Trust: 0.1

sources: ZDI: ZDI-19-129 // VULMON: CVE-2019-1636 // JVNDB: JVNDB-2019-001357 // CNNVD: CNNVD-201901-849

EXTERNAL IDS

db:NVDid:CVE-2019-1636

Trust: 3.6

db:BIDid:106718

Trust: 2.1

db:JVNDBid:JVNDB-2019-001357

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-7160

Trust: 0.7

db:ZDIid:ZDI-19-129

Trust: 0.7

db:CNNVDid:CNNVD-201901-849

Trust: 0.7

db:NSFOCUSid:43899

Trust: 0.6

db:CNVDid:CNVD-2020-12740

Trust: 0.1

db:VULHUBid:VHN-148498

Trust: 0.1

db:VULMONid:CVE-2019-1636

Trust: 0.1

sources: ZDI: ZDI-19-129 // VULHUB: VHN-148498 // VULMON: CVE-2019-1636 // BID: 106718 // JVNDB: JVNDB-2019-001357 // CNNVD: CNNVD-201901-849 // NVD: CVE-2019-1636

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-webex-teams

Trust: 2.9

url:http://www.securityfocus.com/bid/106718

Trust: 2.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1636

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-1636

Trust: 0.8

url:http://www.nsfocus.net/vulndb/43899

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/segregator/eaorigin_remote_code

Trust: 0.1

sources: ZDI: ZDI-19-129 // VULHUB: VHN-148498 // VULMON: CVE-2019-1636 // BID: 106718 // JVNDB: JVNDB-2019-001357 // CNNVD: CNNVD-201901-849 // NVD: CVE-2019-1636

CREDITS

rgod of 9sg Security Team - rgod@9sgsec.com

Trust: 0.7

sources: ZDI: ZDI-19-129

SOURCES

db:ZDIid:ZDI-19-129
db:VULHUBid:VHN-148498
db:VULMONid:CVE-2019-1636
db:BIDid:106718
db:JVNDBid:JVNDB-2019-001357
db:CNNVDid:CNNVD-201901-849
db:NVDid:CVE-2019-1636

LAST UPDATE DATE

2024-08-14T15:23:14.757000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-129date:2019-01-25T00:00:00
db:VULHUBid:VHN-148498date:2019-10-09T00:00:00
db:VULMONid:CVE-2019-1636date:2019-10-09T00:00:00
db:BIDid:106718date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2019-001357date:2019-02-28T00:00:00
db:CNNVDid:CNNVD-201901-849date:2019-10-17T00:00:00
db:NVDid:CVE-2019-1636date:2019-10-09T23:47:34.330

SOURCES RELEASE DATE

db:ZDIid:ZDI-19-129date:2019-01-25T00:00:00
db:VULHUBid:VHN-148498date:2019-01-23T00:00:00
db:VULMONid:CVE-2019-1636date:2019-01-23T00:00:00
db:BIDid:106718date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2019-001357date:2019-02-28T00:00:00
db:CNNVDid:CNNVD-201901-849date:2019-01-24T00:00:00
db:NVDid:CVE-2019-1636date:2019-01-23T22:29:00.493