ID

VAR-201902-0445


CVE

CVE-2019-1677


TITLE

Cisco Webex Meetings vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-001236

DESCRIPTION

A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerability by sending a malicious request to the Webex Meetings application through an intent. A successful exploit could allow the attacker to execute script code in the context of the Webex Meetings application. Versions prior to 11.7.0.236 are affected. Cisco Webex Meetings contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvn97559. Cisco Webex Meetings for Android is an online meeting application based on the Android platform developed by Cisco.

Trust: 1.98

sources: NVD: CVE-2019-1677 // JVNDB: JVNDB-2019-001236 // BID: 106933 // VULHUB: VHN-148949

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings, scope: lt, version: 11.7.0.236

Trust: 1.8

vendor: cisco, model: webex meetings for android, scope: eq, version: 0

Trust: 0.3

sources: BID: 106933 // JVNDB: JVNDB-2019-001236 // NVD: CVE-2019-1677

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-1677
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1677
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1677
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201902-298
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148949
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-1677
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148949
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

ykramarz@cisco.com: CVE-2019-1677
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 2.7
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1677
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-148949 // JVNDB: JVNDB-2019-001236 // CNNVD: CNNVD-201902-298 // NVD: CVE-2019-1677 // NVD: CVE-2019-1677

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-148949 // JVNDB: JVNDB-2019-001236 // NVD: CVE-2019-1677

THREAT TYPE

local

Trust: 0.9

sources: BID: 106933 // CNNVD: CNNVD-201902-298

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201902-298

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001236

PATCH

title: cisco-sa-20190206-webex-andro-xss, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-webex-andro-xss

Trust: 0.8

title: Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89107

Trust: 0.6

sources: JVNDB: JVNDB-2019-001236 // CNNVD: CNNVD-201902-298

EXTERNAL IDS

db: NVD, id: CVE-2019-1677

Trust: 2.8

db: BID, id: 106933

Trust: 2.0

db: JVNDB, id: JVNDB-2019-001236

Trust: 0.8

db: CNNVD, id: CNNVD-201902-298

Trust: 0.7

db: VULHUB, id: VHN-148949

Trust: 0.1

sources: VULHUB: VHN-148949 // BID: 106933 // JVNDB: JVNDB-2019-001236 // CNNVD: CNNVD-201902-298 // NVD: CVE-2019-1677

REFERENCES

url: http://www.securityfocus.com/bid/106933

Trust: 2.3

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190206-webex-andro-xss

Trust: 2.0

url: https://nvd.nist.gov/vuln/detail/cve-2019-1677

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1677

Trust: 0.8

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190206-webex-andro-xss (vendor advisory)

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

url: http://www.cisco.com/en/us/products/ps12732/index.html

Trust: 0.3

sources: VULHUB: VHN-148949 // BID: 106933 // JVNDB: JVNDB-2019-001236 // CNNVD: CNNVD-201902-298 // NVD: CVE-2019-1677

CREDITS

Yogesh Tantak from TechMahindra. Cisco would like to thank Yogesh Tantak from TechMahindra for reporting this vulnerability.

Trust: 0.6

sources: CNNVD: CNNVD-201902-298

SOURCES

db: VULHUB, id: VHN-148949
db: BID, id: 106933
db: JVNDB, id: JVNDB-2019-001236
db: CNNVD, id: CNNVD-201902-298
db: NVD, id: CVE-2019-1677

LAST UPDATE DATE

2024-08-14T15:39:00.503000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148949, date: 2019-10-09T00:00:00
db: BID, id: 106933, date: 2019-02-06T00:00:00
db: JVNDB, id: JVNDB-2019-001236, date: 2019-02-18T00:00:00
db: CNNVD, id: CNNVD-201902-298, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-1677, date: 2023-03-23T17:37:45.110

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148949, date: 2019-02-07T00:00:00
db: BID, id: 106933, date: 2019-02-06T00:00:00
db: JVNDB, id: JVNDB-2019-001236, date: 2019-02-18T00:00:00
db: CNNVD, id: CNNVD-201902-298, date: 2019-02-06T00:00:00
db: NVD, id: CVE-2019-1677, date: 2019-02-07T19:29:00.223