ID

VAR-201902-0424


CVE

CVE-2019-1660


TITLE

Cisco TelePresence Management Suite Vulnerability related to authorization, authority, and access control in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-001902

DESCRIPTION

A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the affected TMS software. An attacker could exploit this vulnerability by gaining access to internal, trusted networks to send crafted SOAP calls to the affected device. If successful, an exploit could allow the attacker to access system management tools. Under normal circumstances, this access should be prohibited. Remote attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvj25332. This product is mainly used to deploy large-scale remote and local video conferencing, and provides contact management and centralized configuration management.

Trust: 2.07

sources: NVD: CVE-2019-1660 // JVNDB: JVNDB-2019-001902 // BID: 106918 // VULHUB: VHN-148762 // VULMON: CVE-2019-1660

AFFECTED PRODUCTS

vendor: cisco, model: telepresence management suite, scope: eq, version: 15.2.1

Trust: 1.0

vendor: cisco, model: telepresence management suite, scope: eq, version: 15.3

Trust: 1.0

vendor: cisco, model: telepresence management suite, scope: eq, version: 15.6

Trust: 1.0

vendor: cisco, model: telepresence management suite, scope: eq, version: 15.7

Trust: 1.0

vendor: cisco, model: telepresence management suite, scope: eq, version: 15.4

Trust: 1.0

vendor: cisco, model: telepresence management suite, scope: eq, version: 15.1

Trust: 1.0

vendor: cisco, model: telepresence management suite, scope: eq, version: 15.5

Trust: 1.0

vendor: cisco, model: telepresence management suite, scope: eq, version: 15.0

Trust: 1.0

vendor: cisco, model: telepresence management suite, scope: -, version: -

Trust: 0.8

vendor: cisco, model: telepresence management suite, scope: eq, version: 0

Trust: 0.3

sources: BID: 106918 // JVNDB: JVNDB-2019-001902 // NVD: CVE-2019-1660

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-1660
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1660
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1660
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201902-291
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148762
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-1660
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-1660
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-148762
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-1660
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-148762 // VULMON: CVE-2019-1660 // JVNDB: JVNDB-2019-001902 // CNNVD: CNNVD-201902-291 // NVD: CVE-2019-1660 // NVD: CVE-2019-1660

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

problemtype: CWE-284

Trust: 1.0

sources: VULHUB: VHN-148762 // JVNDB: JVNDB-2019-001902 // NVD: CVE-2019-1660

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-291

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201902-291

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001902

PATCH

title: cisco-sa-20190206-tms-soap, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-tms-soap

Trust: 0.8

title: Cisco: Cisco TelePresence Management Suite Simple Object Access Protocol Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190206-tms-soap

Trust: 0.1

title: cs-reaource-links, url: https://github.com/rayiik/cs-reaource-links

Trust: 0.1

sources: VULMON: CVE-2019-1660 // JVNDB: JVNDB-2019-001902

EXTERNAL IDS

db: NVD, id: CVE-2019-1660

Trust: 2.9

db: BID, id: 106918

Trust: 2.1

db: JVNDB, id: JVNDB-2019-001902

Trust: 0.8

db: CNNVD, id: CNNVD-201902-291

Trust: 0.7

db: VULHUB, id: VHN-148762

Trust: 0.1

db: VULMON, id: CVE-2019-1660

Trust: 0.1

sources: VULHUB: VHN-148762 // VULMON: CVE-2019-1660 // BID: 106918 // JVNDB: JVNDB-2019-001902 // CNNVD: CNNVD-201902-291 // NVD: CVE-2019-1660

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190206-tms-soap

Trust: 2.2

url:http://www.securityfocus.com/bid/106918

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-1660

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1660

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://github.com/rayiik/cs-reaource-links

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-148762 // VULMON: CVE-2019-1660 // BID: 106918 // JVNDB: JVNDB-2019-001902 // CNNVD: CNNVD-201902-291 // NVD: CVE-2019-1660

CREDITS

This vulnerability was externally reported to Cisco; however, the reporting entity has requested to remain anonymous. The vendor reported this issue.

Trust: 0.6

sources: CNNVD: CNNVD-201902-291

SOURCES

db: VULHUB, id: VHN-148762
db: VULMON, id: CVE-2019-1660
db: BID, id: 106918
db: JVNDB, id: JVNDB-2019-001902
db: CNNVD, id: CNNVD-201902-291
db: NVD, id: CVE-2019-1660

LAST UPDATE DATE

2024-08-14T15:39:00.535000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148762, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2019-1660, date: 2019-10-09T00:00:00
db: BID, id: 106918, date: 2019-02-06T00:00:00
db: JVNDB, id: JVNDB-2019-001902, date: 2019-03-28T00:00:00
db: CNNVD, id: CNNVD-201902-291, date: 2019-03-04T00:00:00
db: NVD, id: CVE-2019-1660, date: 2019-10-09T23:47:38.957

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148762, date: 2019-02-07T00:00:00
db: VULMON, id: CVE-2019-1660, date: 2019-02-07T00:00:00
db: BID, id: 106918, date: 2019-02-06T00:00:00
db: JVNDB, id: JVNDB-2019-001902, date: 2019-03-28T00:00:00
db: CNNVD, id: CNNVD-201902-291, date: 2019-02-06T00:00:00
db: NVD, id: CVE-2019-1660, date: 2019-02-07T21:29:00.187