ID

VAR-201909-0658


CVE

CVE-2019-1939


TITLE

Injection vulnerability in the Cisco Webex Teams client for Windows

Trust: 0.8

sources: JVNDB: JVNDB-2019-008859

DESCRIPTION

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user. Cisco Webex Teams is a team collaboration application from Cisco. The program includes video conferencing, group messaging and file sharing capabilities.

Trust: 1.8

sources: NVD: CVE-2019-1939 // JVNDB: JVNDB-2019-008859 // VULHUB: VHN-151831 // VULMON: CVE-2019-1939

AFFECTED PRODUCTS

vendor: cisco, model: webex teams, scope: lt, version: 3.0.12427.0

Trust: 1.0

vendor: cisco, model: webex teams, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008859 // NVD: CVE-2019-1939

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1939
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1939
value: HIGH

Trust: 1.0

NVD: CVE-2019-1939
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-160
value: HIGH

Trust: 0.6

VULHUB: VHN-151831
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1939
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1939
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-151831
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1939
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1939
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-1939
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151831 // VULMON: CVE-2019-1939 // JVNDB: JVNDB-2019-008859 // CNNVD: CNNVD-201909-160 // NVD: CVE-2019-1939 // NVD: CVE-2019-1939

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.9

problemtype:CWE-269

Trust: 1.1

sources: VULHUB: VHN-151831 // JVNDB: JVNDB-2019-008859 // NVD: CVE-2019-1939

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-160

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201909-160

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008859

PATCH

title: cisco-sa-20190904-webex-teams, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-webex-teams

Trust: 0.8

title: Cisco Webex Teams client Repair measures for injecting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97922

Trust: 0.6

title: Cisco: Cisco Webex Teams Logging Feature Command Execution Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190904-webex-teams

Trust: 0.1

sources: VULMON: CVE-2019-1939 // JVNDB: JVNDB-2019-008859 // CNNVD: CNNVD-201909-160

EXTERNAL IDS

db: NVD, id: CVE-2019-1939

Trust: 2.6

db: JVNDB, id: JVNDB-2019-008859

Trust: 0.8

db: CNNVD, id: CNNVD-201909-160

Trust: 0.7

db: AUSCERT, id: ESB-2019.3368

Trust: 0.6

db: NSFOCUS, id: 44304

Trust: 0.6

db: VULHUB, id: VHN-151831

Trust: 0.1

db: VULMON, id: CVE-2019-1939

Trust: 0.1

sources: VULHUB: VHN-151831 // VULMON: CVE-2019-1939 // JVNDB: JVNDB-2019-008859 // CNNVD: CNNVD-201909-160 // NVD: CVE-2019-1939

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190904-webex-teams

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-1939

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1939

Trust: 0.8

url:http://www.nsfocus.net/vulndb/44304

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3368/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-151831 // VULMON: CVE-2019-1939 // JVNDB: JVNDB-2019-008859 // CNNVD: CNNVD-201909-160 // NVD: CVE-2019-1939

CREDITS

Chew Keong Tan of Bank of America.

Trust: 0.6

sources: CNNVD: CNNVD-201909-160

SOURCES

db: VULHUB, id: VHN-151831
db: VULMON, id: CVE-2019-1939
db: JVNDB, id: JVNDB-2019-008859
db: CNNVD, id: CNNVD-201909-160
db: NVD, id: CVE-2019-1939

LAST UPDATE DATE

2024-08-14T15:28:27.665000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151831, date: 2020-10-16T00:00:00
db: VULMON, id: CVE-2019-1939, date: 2020-10-16T00:00:00
db: JVNDB, id: JVNDB-2019-008859, date: 2019-09-06T00:00:00
db: CNNVD, id: CNNVD-201909-160, date: 2020-10-19T00:00:00
db: NVD, id: CVE-2019-1939, date: 2020-10-16T14:12:34.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151831, date: 2019-09-05T00:00:00
db: VULMON, id: CVE-2019-1939, date: 2019-09-05T00:00:00
db: JVNDB, id: JVNDB-2019-008859, date: 2019-09-06T00:00:00
db: CNNVD, id: CNNVD-201909-160, date: 2019-09-04T00:00:00
db: NVD, id: CVE-2019-1939, date: 2019-09-05T02:15:13.307