Sign-up

ID

VAR-201909-0658


CVE

CVE-2019-1939


TITLE

Windows for Cisco Webex Teams Injection vulnerability in client

Trust: 0.8

sources: JVNDB: JVNDB-2019-008859

DESCRIPTION

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user. Cisco Webex Teams is a team collaboration application of Cisco (Cisco). The program includes video conferencing, group messaging and file sharing capabilities

Trust: 1.8

sources: NVD: CVE-2019-1939 // JVNDB: JVNDB-2019-008859 // VULHUB: VHN-151831 // VULMON: CVE-2019-1939

AFFECTED PRODUCTS

vendor:ciscomodel:webex teamsscope:ltversion:3.0.12427.0

Trust: 1.0

vendor:ciscomodel:webex teamsscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008859 // NVD: CVE-2019-1939

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1939
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1939
value: HIGH

Trust: 1.0

NVD: CVE-2019-1939
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-160
value: HIGH

Trust: 0.6

VULHUB: VHN-151831
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1939
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1939
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-151831
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1939
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1939
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-1939
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151831 // VULMON: CVE-2019-1939 // JVNDB: JVNDB-2019-008859 // CNNVD: CNNVD-201909-160 // NVD: CVE-2019-1939 // NVD: CVE-2019-1939

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.9

problemtype:CWE-269

Trust: 1.1

sources: VULHUB: VHN-151831 // JVNDB: JVNDB-2019-008859 // NVD: CVE-2019-1939

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-160

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201909-160

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008859

PATCH
title:cisco-sa-20190904-webex-teamsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-webex-teams
Trust: 0.8
title:Cisco Webex Teams client Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97922
Trust: 0.6
title:Cisco: Cisco Webex Teams Logging Feature Command Execution Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190904-webex-teams
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-1939 // 
            
            
            
            JVNDB: JVNDB-2019-008859 // 
            
            
            
            CNNVD: CNNVD-201909-160

EXTERNAL IDS
db:NVDid:CVE-2019-1939
Trust: 2.6
db:JVNDBid:JVNDB-2019-008859
Trust: 0.8
db:CNNVDid:CNNVD-201909-160
Trust: 0.7
db:AUSCERTid:ESB-2019.3368
Trust: 0.6
db:NSFOCUSid:44304
Trust: 0.6
db:VULHUBid:VHN-151831
Trust: 0.1
db:VULMONid:CVE-2019-1939
Trust: 0.1
sources:
            
            
            VULHUB: VHN-151831 // 
            
            
            
            VULMON: CVE-2019-1939 // 
            
            
            
            JVNDB: JVNDB-2019-008859 // 
            
            
            
            CNNVD: CNNVD-201909-160 // 
            
            
            
            NVD: CVE-2019-1939

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190904-webex-teams
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2019-1939
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1939
Trust: 0.8
url:http://www.nsfocus.net/vulndb/44304
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3368/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/269.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-151831 // 
            
            
            
            VULMON: CVE-2019-1939 // 
            
            
            
            JVNDB: JVNDB-2019-008859 // 
            
            
            
            CNNVD: CNNVD-201909-160 // 
            
            
            
            NVD: CVE-2019-1939

CREDITS
Chew Keong Tan of Bank of America .
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201909-160

SOURCES
db:VULHUBid:VHN-151831
db:VULMONid:CVE-2019-1939
db:JVNDBid:JVNDB-2019-008859
db:CNNVDid:CNNVD-201909-160
db:NVDid:CVE-2019-1939

LAST UPDATE DATE
2024-08-14T15:28:27.665000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-151831date:2020-10-16T00:00:00
db:VULMONid:CVE-2019-1939date:2020-10-16T00:00:00
db:JVNDBid:JVNDB-2019-008859date:2019-09-06T00:00:00
db:CNNVDid:CNNVD-201909-160date:2020-10-19T00:00:00
db:NVDid:CVE-2019-1939date:2020-10-16T14:12:34.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-151831date:2019-09-05T00:00:00
db:VULMONid:CVE-2019-1939date:2019-09-05T00:00:00
db:JVNDBid:JVNDB-2019-008859date:2019-09-06T00:00:00
db:CNNVDid:CNNVD-201909-160date:2019-09-04T00:00:00
db:NVDid:CVE-2019-1939date:2019-09-05T02:15:13.307