Details of VAR-201908-0854

ID

VAR-201908-0854

CVE

CVE-2019-1948

TITLE

Cisco Webex Meetings Mobile Vulnerabilities related to certificate validation

Trust: 0.8

sources: JVNDB: JVNDB-2019-008602

DESCRIPTION

A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted SSL certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Webex Meetings Mobile (iOS) Contains a certificate validation vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2019-1948 // JVNDB: JVNDB-2019-008602 // VULHUB: VHN-151930

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings	scope:	gte	version:	11.3	Trust: 1.0
vendor:	cisco	model:	webex meetings	scope:	lte	version:	39.5	Trust: 1.0
vendor:	cisco	model:	webex meetings	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-008602 // NVD: CVE-2019-1948

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1948
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1948
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1948
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201908-1664
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-151930
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1948
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-151930
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1948
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-151930 // JVNDB: JVNDB-2019-008602 // CNNVD: CNNVD-201908-1664 // NVD: CVE-2019-1948 // NVD: CVE-2019-1948

PROBLEMTYPE DATA

problemtype:

CWE-295

Trust: 1.9

sources: VULHUB: VHN-151930 // JVNDB: JVNDB-2019-008602 // NVD: CVE-2019-1948

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1664

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-1664

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008602

PATCH

title:	cisco-sa-20190821-webex-ssl-cert	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-webex-ssl-cert	Trust: 0.8
title:	Cisco Webex Meetings Mobile Repair measures for trust management problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97270	Trust: 0.6

sources: JVNDB: JVNDB-2019-008602 // CNNVD: CNNVD-201908-1664

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1948	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-008602	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-1664	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3207	Trust: 0.6
db:	CNVD	id:	CNVD-2020-18566	Trust: 0.1
db:	VULHUB	id:	VHN-151930	Trust: 0.1

sources: VULHUB: VHN-151930 // JVNDB: JVNDB-2019-008602 // CNNVD: CNNVD-201908-1664 // NVD: CVE-2019-1948

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-webex-ssl-cert	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1948	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1948	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.3207/	Trust: 0.6

sources: VULHUB: VHN-151930 // JVNDB: JVNDB-2019-008602 // CNNVD: CNNVD-201908-1664 // NVD: CVE-2019-1948

SOURCES

db:	VULHUB	id:	VHN-151930
db:	JVNDB	id:	JVNDB-2019-008602
db:	CNNVD	id:	CNNVD-201908-1664
db:	NVD	id:	CVE-2019-1948

LAST UPDATE DATE

2024-11-23T21:36:57.848000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151930	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-008602	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1664	date:	2019-09-02T00:00:00
db:	NVD	id:	CVE-2019-1948	date:	2024-11-21T04:37:44.890

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151930	date:	2019-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-008602	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1664	date:	2019-08-21T00:00:00
db:	NVD	id:	CVE-2019-1948	date:	2019-08-21T19:15:15.543