ID

VAR-201902-0455


CVE

CVE-2019-1689


TITLE

Cisco Webex Teams Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002109

DESCRIPTION

A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920. Cisco Webex Teams Contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. This issue is being tracked by Cisco Bug ID CSCvn16403. The program includes features such as video conferencing, group messaging and file sharing

Trust: 1.98

sources: NVD: CVE-2019-1689 // JVNDB: JVNDB-2019-002109 // BID: 107101 // VULHUB: VHN-149081

AFFECTED PRODUCTS

vendor:ciscomodel:webex teamsscope:ltversion:3.13.26920

Trust: 1.0

vendor:ciscomodel:webex teamsscope:ltversion:3.13.26920 (ios)

Trust: 0.8

vendor:ciscomodel:webex teams for iosscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:conference director seriesscope:eqversion:0

Trust: 0.3

sources: BID: 107101 // JVNDB: JVNDB-2019-002109 // NVD: CVE-2019-1689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1689
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1689
value: HIGH

Trust: 1.0

NVD: CVE-2019-1689
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201902-802
value: HIGH

Trust: 0.6

VULHUB: VHN-149081
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1689
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149081
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1689
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.2
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1689
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-149081 // JVNDB: JVNDB-2019-002109 // CNNVD: CNNVD-201902-802 // NVD: CVE-2019-1689 // NVD: CVE-2019-1689

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-149081 // JVNDB: JVNDB-2019-002109 // NVD: CVE-2019-1689

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-802

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 107101 // CNNVD: CNNVD-201902-802

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002109

PATCH

title:cisco-sa-20190220-webx-ios-fileurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-webx-ios-file

Trust: 0.8

title:Cisco Webex Teams for iOS Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89596

Trust: 0.6

sources: JVNDB: JVNDB-2019-002109 // CNNVD: CNNVD-201902-802

EXTERNAL IDS

db:NVDid:CVE-2019-1689

Trust: 2.8

db:BIDid:107101

Trust: 2.0

db:JVNDBid:JVNDB-2019-002109

Trust: 0.8

db:CNNVDid:CNNVD-201902-802

Trust: 0.7

db:AUSCERTid:ESB-2019.0540

Trust: 0.6

db:CNVDid:CNVD-2020-12734

Trust: 0.1

db:VULHUBid:VHN-149081

Trust: 0.1

sources: VULHUB: VHN-149081 // BID: 107101 // JVNDB: JVNDB-2019-002109 // CNNVD: CNNVD-201902-802 // NVD: CVE-2019-1689

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-webx-ios-file

Trust: 2.6

url:http://www.securityfocus.com/bid/107101

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-1689

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1689

Trust: 0.8

url:https://www.auscert.org.au/bulletins/75906

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-149081 // BID: 107101 // JVNDB: JVNDB-2019-002109 // CNNVD: CNNVD-201902-802 // NVD: CVE-2019-1689

CREDITS

This vulnerability was found during internal security testing.,Cisco

Trust: 0.6

sources: CNNVD: CNNVD-201902-802

SOURCES

db:VULHUBid:VHN-149081
db:BIDid:107101
db:JVNDBid:JVNDB-2019-002109
db:CNNVDid:CNNVD-201902-802
db:NVDid:CVE-2019-1689

LAST UPDATE DATE

2024-08-14T15:28:40.157000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-149081date:2019-10-09T00:00:00
db:BIDid:107101date:2019-02-20T00:00:00
db:JVNDBid:JVNDB-2019-002109date:2019-04-02T00:00:00
db:CNNVDid:CNNVD-201902-802date:2019-10-17T00:00:00
db:NVDid:CVE-2019-1689date:2023-03-23T17:36:32.647

SOURCES RELEASE DATE

db:VULHUBid:VHN-149081date:2019-02-25T00:00:00
db:BIDid:107101date:2019-02-20T00:00:00
db:JVNDBid:JVNDB-2019-002109date:2019-04-02T00:00:00
db:CNNVDid:CNNVD-201902-802date:2019-02-20T00:00:00
db:NVDid:CVE-2019-1689date:2019-02-25T17:29:00.340