ID

VAR-201908-1961


CVE

CVE-2019-1954


TITLE

Cisco Webex Meetings Server Software open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007631

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. Cisco WebEx Meetings Server (CWMS) is a multi-functional conferencing solution in the WebEx conferencing product line that includes audio, video and web conferencing.

Trust: 1.71

sources: NVD: CVE-2019-1954 // JVNDB: JVNDB-2019-007631 // VULHUB: VHN-151996

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings server, scope: lt, version: 4.0(1)

Trust: 1.0

vendor: cisco, model: webex meetings server, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007631 // NVD: CVE-2019-1954

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1954
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1954
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1954
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-567
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151996
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1954
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151996
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1954
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1954
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-1954
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151996 // JVNDB: JVNDB-2019-007631 // CNNVD: CNNVD-201908-567 // NVD: CVE-2019-1954 // NVD: CVE-2019-1954

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.9

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-151996 // JVNDB: JVNDB-2019-007631 // NVD: CVE-2019-1954

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-567

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-567

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007631

PATCH

title: cisco-sa-20190807-wms-oredirect, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-wms-oredirect

Trust: 0.8

title: Cisco Webex Meetings Server Software Enter the fix for the verification error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96264

Trust: 0.6

sources: JVNDB: JVNDB-2019-007631 // CNNVD: CNNVD-201908-567

EXTERNAL IDS

db: NVD, id: CVE-2019-1954

Trust: 2.5

db: JVNDB, id: JVNDB-2019-007631

Trust: 0.8

db: CNNVD, id: CNNVD-201908-567

Trust: 0.7

db: AUSCERT, id: ESB-2019.2995

Trust: 0.6

db: VULHUB, id: VHN-151996

Trust: 0.1

sources: VULHUB: VHN-151996 // JVNDB: JVNDB-2019-007631 // CNNVD: CNNVD-201908-567 // NVD: CVE-2019-1954

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-wms-oredirect

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1954

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1954

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.2995/

Trust: 0.6

sources: VULHUB: VHN-151996 // JVNDB: JVNDB-2019-007631 // CNNVD: CNNVD-201908-567 // NVD: CVE-2019-1954

CREDITS

Fouad Mouallal of Telindus Netherlands.

Trust: 0.6

sources: CNNVD: CNNVD-201908-567

SOURCES

db: VULHUB, id: VHN-151996
db: JVNDB, id: JVNDB-2019-007631
db: CNNVD, id: CNNVD-201908-567
db: NVD, id: CVE-2019-1954

LAST UPDATE DATE

2024-11-23T21:51:59.522000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151996, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-007631, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-567, date: 2021-11-02T00:00:00
db: NVD, id: CVE-2019-1954, date: 2024-11-21T04:37:45.640

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151996, date: 2019-08-08T00:00:00
db: JVNDB, id: JVNDB-2019-007631, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-567, date: 2019-08-07T00:00:00
db: NVD, id: CVE-2019-1954, date: 2019-08-08T08:15:12.477