ID

VAR-201902-0448


CVE

CVE-2019-1680


TITLE

Cisco Webex Business Suite Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001893

DESCRIPTION

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user's browser. The attacker could use the content injection to conduct spoofing attacks. Versions prior to 3.0.9 are affected. Cisco Webex Business Suite contains an input validation vulnerability. Information may be tampered with. Remote attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvn46629.

Trust: 1.98

sources: NVD: CVE-2019-1680 // JVNDB: JVNDB-2019-001893 // BID: 106939 // VULHUB: VHN-148982

AFFECTED PRODUCTS

vendor: cisco, model: webex business suite, scope: lt, version: 3.0.9

Trust: 1.8

vendor: cisco, model: webex meetings online, scope: lt, version: 1.3.42

Trust: 1.0

vendor: cisco, model: webex meetings online, scope: -, version: -

Trust: 0.8

vendor: cisco, model: webex business suite, scope: eq, version: 0

Trust: 0.3

sources: BID: 106939 // JVNDB: JVNDB-2019-001893 // NVD: CVE-2019-1680

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1680
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1680
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1680
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201902-305
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148982
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1680
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148982
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1680
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1680
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-148982 // JVNDB: JVNDB-2019-001893 // CNNVD: CNNVD-201902-305 // NVD: CVE-2019-1680 // NVD: CVE-2019-1680

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-74

Trust: 1.0

sources: VULHUB: VHN-148982 // JVNDB: JVNDB-2019-001893 // NVD: CVE-2019-1680

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-305

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201902-305

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001893

PATCH

title: cisco-sa-20190206-webex-injection, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-webex-injection

Trust: 0.8

title: Cisco Webex Business Suite Repair measures for injecting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89113

Trust: 0.6

sources: JVNDB: JVNDB-2019-001893 // CNNVD: CNNVD-201902-305

EXTERNAL IDS

db: NVD, id: CVE-2019-1680

Trust: 2.8

db: BID, id: 106939

Trust: 2.0

db: JVNDB, id: JVNDB-2019-001893

Trust: 0.8

db: CNNVD, id: CNNVD-201902-305

Trust: 0.7

db: NSFOCUS, id: 43674

Trust: 0.6

db: VULHUB, id: VHN-148982

Trust: 0.1

sources: VULHUB: VHN-148982 // BID: 106939 // JVNDB: JVNDB-2019-001893 // CNNVD: CNNVD-201902-305 // NVD: CVE-2019-1680

REFERENCES

url:http://www.securityfocus.com/bid/106939

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190206-webex-injection

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1680

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1680

Trust: 0.8

url:http://www.nsfocus.net/vulndb/43674

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-148982 // BID: 106939 // JVNDB: JVNDB-2019-001893 // CNNVD: CNNVD-201902-305 // NVD: CVE-2019-1680

CREDITS

Prasenjit Kanti Paul; Cisco would like to thank Prasenjit Kanti Paul for reporting this vulnerability.

Trust: 0.6

sources: CNNVD: CNNVD-201902-305

SOURCES

db: VULHUB, id: VHN-148982
db: BID, id: 106939
db: JVNDB, id: JVNDB-2019-001893
db: CNNVD, id: CNNVD-201902-305
db: NVD, id: CVE-2019-1680

LAST UPDATE DATE

2024-11-23T21:37:38.982000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148982, date: 2019-10-09T00:00:00
db: BID, id: 106939, date: 2019-02-06T00:00:00
db: JVNDB, id: JVNDB-2019-001893, date: 2019-03-28T00:00:00
db: CNNVD, id: CNNVD-201902-305, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-1680, date: 2024-11-21T04:37:05.040

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148982, date: 2019-02-07T00:00:00
db: BID, id: 106939, date: 2019-02-06T00:00:00
db: JVNDB, id: JVNDB-2019-001893, date: 2019-03-28T00:00:00
db: CNNVD, id: CNNVD-201902-305, date: 2019-02-06T00:00:00
db: NVD, id: CVE-2019-1680, date: 2019-02-07T21:29:00.250