Sign-up

ID

VAR-201902-0455


CVE

CVE-2019-1689


TITLE

Cisco Webex Teams Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002109

DESCRIPTION

A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920. Cisco Webex Teams Contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. This issue is being tracked by Cisco Bug ID CSCvn16403. The program includes features such as video conferencing, group messaging and file sharing

Trust: 1.98

sources: NVD: CVE-2019-1689 // JVNDB: JVNDB-2019-002109 // BID: 107101 // VULHUB: VHN-149081

AFFECTED PRODUCTS

vendor:ciscomodel:webex teamsscope:ltversion:3.13.26920

Trust: 1.0

vendor:ciscomodel:webex teamsscope:ltversion:3.13.26920 (ios)

Trust: 0.8

vendor:ciscomodel:webex teams for iosscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:conference director seriesscope:eqversion:0

Trust: 0.3

sources: BID: 107101 // JVNDB: JVNDB-2019-002109 // NVD: CVE-2019-1689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1689
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1689
value: HIGH

Trust: 1.0

NVD: CVE-2019-1689
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201902-802
value: HIGH

Trust: 0.6

VULHUB: VHN-149081
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1689
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149081
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1689
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.2
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1689
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-149081 // JVNDB: JVNDB-2019-002109 // CNNVD: CNNVD-201902-802 // NVD: CVE-2019-1689 // NVD: CVE-2019-1689

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-149081 // JVNDB: JVNDB-2019-002109 // NVD: CVE-2019-1689

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-802

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 107101 // CNNVD: CNNVD-201902-802

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002109

PATCH
title:cisco-sa-20190220-webx-ios-fileurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-webx-ios-file
Trust: 0.8
title:Cisco Webex Teams for iOS Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89596
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-002109 // 
            
            
            
            CNNVD: CNNVD-201902-802

EXTERNAL IDS
db:NVDid:CVE-2019-1689
Trust: 2.8
db:BIDid:107101
Trust: 2.0
db:JVNDBid:JVNDB-2019-002109
Trust: 0.8
db:CNNVDid:CNNVD-201902-802
Trust: 0.7
db:AUSCERTid:ESB-2019.0540
Trust: 0.6
db:CNVDid:CNVD-2020-12734
Trust: 0.1
db:VULHUBid:VHN-149081
Trust: 0.1
sources:
            
            
            VULHUB: VHN-149081 // 
            
            
            
            BID: 107101 // 
            
            
            
            JVNDB: JVNDB-2019-002109 // 
            
            
            
            CNNVD: CNNVD-201902-802 // 
            
            
            
            NVD: CVE-2019-1689

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-webx-ios-file
Trust: 2.6
url:http://www.securityfocus.com/bid/107101
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-1689
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1689
Trust: 0.8
url:https://www.auscert.org.au/bulletins/75906
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-149081 // 
            
            
            
            BID: 107101 // 
            
            
            
            JVNDB: JVNDB-2019-002109 // 
            
            
            
            CNNVD: CNNVD-201902-802 // 
            
            
            
            NVD: CVE-2019-1689

CREDITS
This vulnerability was found during internal security testing.,Cisco
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201902-802

SOURCES
db:VULHUBid:VHN-149081
db:BIDid:107101
db:JVNDBid:JVNDB-2019-002109
db:CNNVDid:CNNVD-201902-802
db:NVDid:CVE-2019-1689

LAST UPDATE DATE
2024-08-14T15:28:40.157000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-149081date:2019-10-09T00:00:00
db:BIDid:107101date:2019-02-20T00:00:00
db:JVNDBid:JVNDB-2019-002109date:2019-04-02T00:00:00
db:CNNVDid:CNNVD-201902-802date:2019-10-17T00:00:00
db:NVDid:CVE-2019-1689date:2023-03-23T17:36:32.647

SOURCES RELEASE DATE
db:VULHUBid:VHN-149081date:2019-02-25T00:00:00
db:BIDid:107101date:2019-02-20T00:00:00
db:JVNDBid:JVNDB-2019-002109date:2019-04-02T00:00:00
db:CNNVDid:CNNVD-201902-802date:2019-02-20T00:00:00
db:NVDid:CVE-2019-1689date:2019-02-25T17:29:00.340