Sign-up

ID

VAR-201906-0294


CVE

CVE-2019-1868


TITLE

Cisco Webex Meetings Server Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-005278

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to access sensitive system information. Cisco Webex Meetings Server Contains an information disclosure vulnerability.Information may be obtained. This issue is being tracked by Cisco bug ID CSCvn76141. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in the WebEx conference solution. This vulnerability stems from configuration errors in network systems or products during operation

Trust: 1.98

sources: NVD: CVE-2019-1868 // JVNDB: JVNDB-2019-005278 // BID: 108625 // VULHUB: VHN-151050

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion:2.6

Trust: 1.3

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

sources: BID: 108625 // JVNDB: JVNDB-2019-005278 // NVD: CVE-2019-1868

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1868
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1868
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1868
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-160
value: HIGH

Trust: 0.6

VULHUB: VHN-151050
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1868
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151050
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1868
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1868
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-1868
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151050 // JVNDB: JVNDB-2019-005278 // CNNVD: CNNVD-201906-160 // NVD: CVE-2019-1868 // NVD: CVE-2019-1868

PROBLEMTYPE DATA

problemtype:CWE-16

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-151050 // JVNDB: JVNDB-2019-005278 // NVD: CVE-2019-1868

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-160

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201906-160

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005278

PATCH
title:cisco-sa-20190605-webexmeetings-idurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-webexmeetings-id
Trust: 0.8
title:Cisco WebEx Meetings Server Fixes for configuration error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93252
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-005278 // 
            
            
            
            CNNVD: CNNVD-201906-160

EXTERNAL IDS
db:NVDid:CVE-2019-1868
Trust: 2.8
db:BIDid:108625
Trust: 2.0
db:JVNDBid:JVNDB-2019-005278
Trust: 0.8
db:CNNVDid:CNNVD-201906-160
Trust: 0.7
db:AUSCERTid:ESB-2019.2029
Trust: 0.6
db:VULHUBid:VHN-151050
Trust: 0.1
sources:
            
            
            VULHUB: VHN-151050 // 
            
            
            
            BID: 108625 // 
            
            
            
            JVNDB: JVNDB-2019-005278 // 
            
            
            
            CNNVD: CNNVD-201906-160 // 
            
            
            
            NVD: CVE-2019-1868

REFERENCES
url:http://www.securityfocus.com/bid/108625
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190605-webexmeetings-id
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-1868
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1868
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.2029/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-151050 // 
            
            
            
            BID: 108625 // 
            
            
            
            JVNDB: JVNDB-2019-005278 // 
            
            
            
            CNNVD: CNNVD-201906-160 // 
            
            
            
            NVD: CVE-2019-1868

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 108625 // 
            
            
            
            CNNVD: CNNVD-201906-160

SOURCES
db:VULHUBid:VHN-151050
db:BIDid:108625
db:JVNDBid:JVNDB-2019-005278
db:CNNVDid:CNNVD-201906-160
db:NVDid:CVE-2019-1868

LAST UPDATE DATE
2024-11-23T23:08:24.019000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-151050date:2020-10-16T00:00:00
db:BIDid:108625date:2019-06-05T00:00:00
db:JVNDBid:JVNDB-2019-005278date:2019-06-18T00:00:00
db:CNNVDid:CNNVD-201906-160date:2020-10-21T00:00:00
db:NVDid:CVE-2019-1868date:2024-11-21T04:37:34.527

SOURCES RELEASE DATE
db:VULHUBid:VHN-151050date:2019-06-05T00:00:00
db:BIDid:108625date:2019-06-05T00:00:00
db:JVNDBid:JVNDB-2019-005278date:2019-06-18T00:00:00
db:CNNVDid:CNNVD-201906-160date:2019-06-05T00:00:00
db:NVDid:CVE-2019-1868date:2019-06-05T17:29:00.537