ID

VAR-201906-0297


CVE

CVE-2019-1872


TITLE

Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-side request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005280

DESCRIPTION

A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the affected system. Multiple Cisco products are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Cisco Bug ID CSCvj33774.

Trust: 1.98

sources: NVD: CVE-2019-1872 // JVNDB: JVNDB-2019-005280 // BID: 108677 // VULHUB: VHN-151094

AFFECTED PRODUCTS

vendor: cisco // model: telepresence video communication server // scope: lt // version: x12.5

Trust: 1.0

vendor: cisco // model: telepresence video communication server software // scope: - // version: -

Trust: 0.8

vendor: cisco // model: telepresence video communication server // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: expressway series software // scope: eq // version: 0

Trust: 0.3

sources: BID: 108677 // JVNDB: JVNDB-2019-005280 // NVD: CVE-2019-1872

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1872
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1872
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1872
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-154
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151094
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1872
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151094
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1872
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-151094 // JVNDB: JVNDB-2019-005280 // CNNVD: CNNVD-201906-154 // NVD: CVE-2019-1872 // NVD: CVE-2019-1872

PROBLEMTYPE DATA

problemtype: CWE-918

Trust: 1.9

sources: VULHUB: VHN-151094 // JVNDB: JVNDB-2019-005280 // NVD: CVE-2019-1872

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-154

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-154

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005280

PATCH

title: cisco-sa-20190605-vcs // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-vcs

Trust: 0.8

title: Cisco Expressway Series and Cisco TelePresence Video Communication Server Fixes for code issue vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93246

Trust: 0.6

sources: JVNDB: JVNDB-2019-005280 // CNNVD: CNNVD-201906-154

EXTERNAL IDS

db: NVD // id: CVE-2019-1872

Trust: 2.8

db: BID // id: 108677

Trust: 2.0

db: JVNDB // id: JVNDB-2019-005280

Trust: 0.8

db: AUSCERT // id: ESB-2019.2026

Trust: 0.6

db: CNNVD // id: CNNVD-201906-154

Trust: 0.6

db: VULHUB // id: VHN-151094

Trust: 0.1

sources: VULHUB: VHN-151094 // BID: 108677 // JVNDB: JVNDB-2019-005280 // CNNVD: CNNVD-201906-154 // NVD: CVE-2019-1872

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190605-vcs

Trust: 2.0

url: http://www.securityfocus.com/bid/108677

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-1872

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1872

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2019.2026/

Trust: 0.6

url: http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-151094 // BID: 108677 // JVNDB: JVNDB-2019-005280 // CNNVD: CNNVD-201906-154 // NVD: CVE-2019-1872

CREDITS

Cisco

Trust: 0.9

sources: BID: 108677 // CNNVD: CNNVD-201906-154

SOURCES

db: VULHUB // id: VHN-151094
db: BID // id: 108677
db: JVNDB // id: JVNDB-2019-005280
db: CNNVD // id: CNNVD-201906-154
db: NVD // id: CVE-2019-1872

LAST UPDATE DATE

2024-11-23T22:30:01.553000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-151094 // date: 2019-10-09T00:00:00
db: BID // id: 108677 // date: 2019-06-05T00:00:00
db: JVNDB // id: JVNDB-2019-005280 // date: 2019-06-18T00:00:00
db: CNNVD // id: CNNVD-201906-154 // date: 2019-06-10T00:00:00
db: NVD // id: CVE-2019-1872 // date: 2024-11-21T04:37:35.100

SOURCES RELEASE DATE

db: VULHUB // id: VHN-151094 // date: 2019-06-05T00:00:00
db: BID // id: 108677 // date: 2019-06-05T00:00:00
db: JVNDB // id: JVNDB-2019-005280 // date: 2019-06-18T00:00:00
db: CNNVD // id: CNNVD-201906-154 // date: 2019-06-05T00:00:00
db: NVD // id: CVE-2019-1872 // date: 2019-06-05T17:29:00.600