ID

VAR-201911-0801


CVE

CVE-2019-1877


TITLE

Cisco Enterprise Chat and Email Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-011707

DESCRIPTION

A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to download files that other users attach through the chat feature. This vulnerability affects versions prior to 12.0(1)ES1. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvo99235. This product mainly provides e-mail, chat and Web callback functions for other Cisco solutions.

Trust: 2.07

sources: NVD: CVE-2019-1877 // JVNDB: JVNDB-2019-011707 // BID: 108859 // VULHUB: VHN-151149 // VULMON: CVE-2019-1877

AFFECTED PRODUCTS

vendor: cisco // model: enterprise chat and email // scope: eq // version: 11.6(1)es9

Trust: 1.0

vendor: cisco // model: enterprise chat and email // scope: - // version: -

Trust: 0.8

vendor: cisco // model: enterprise chat and email // scope: eq // version: 0

Trust: 0.3

sources: BID: 108859 // JVNDB: JVNDB-2019-011707 // NVD: CVE-2019-1877

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1877
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1877
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1877
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-803
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151149
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-1877
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1877
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-151149
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1877
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1877
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-151149 // VULMON: CVE-2019-1877 // JVNDB: JVNDB-2019-011707 // CNNVD: CNNVD-201906-803 // NVD: CVE-2019-1877 // NVD: CVE-2019-1877

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-287

Trust: 1.1

sources: VULHUB: VHN-151149 // JVNDB: JVNDB-2019-011707 // NVD: CVE-2019-1877

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-803

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201906-803

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011707

PATCH

title: cisco-sa-20190619-ecea-dwnload // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-ecea-dwnload

Trust: 0.8

title: Cisco Enterprise Chat and Email Repair measures for information disclosure vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93953

Trust: 0.6

title: Cisco: Cisco Enterprise Chat and Email Attachment Download Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190619-ecea-dwnload

Trust: 0.1

sources: VULMON: CVE-2019-1877 // JVNDB: JVNDB-2019-011707 // CNNVD: CNNVD-201906-803

EXTERNAL IDS

db: NVD // id: CVE-2019-1877

Trust: 2.9

db: BID // id: 108859

Trust: 1.1

db: JVNDB // id: JVNDB-2019-011707

Trust: 0.8

db: CNNVD // id: CNNVD-201906-803

Trust: 0.7

db: AUSCERT // id: ESB-2019.2204

Trust: 0.6

db: VULHUB // id: VHN-151149

Trust: 0.1

db: VULMON // id: CVE-2019-1877

Trust: 0.1

sources: VULHUB: VHN-151149 // VULMON: CVE-2019-1877 // BID: 108859 // JVNDB: JVNDB-2019-011707 // CNNVD: CNNVD-201906-803 // NVD: CVE-2019-1877

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-ecea-dwnload

Trust: 2.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1877

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1877

Trust: 0.8

url:https://www.securityfocus.com/bid/108859

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2019.2204/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/162766

Trust: 0.1

sources: VULHUB: VHN-151149 // VULMON: CVE-2019-1877 // BID: 108859 // JVNDB: JVNDB-2019-011707 // CNNVD: CNNVD-201906-803 // NVD: CVE-2019-1877

CREDITS

Cisco

Trust: 0.9

sources: BID: 108859 // CNNVD: CNNVD-201906-803

SOURCES

db: VULHUB // id: VHN-151149
db: VULMON // id: CVE-2019-1877
db: BID // id: 108859
db: JVNDB // id: JVNDB-2019-011707
db: CNNVD // id: CNNVD-201906-803
db: NVD // id: CVE-2019-1877

LAST UPDATE DATE

2024-08-14T15:17:51.803000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-151149 // date: 2020-10-16T00:00:00
db: VULMON // id: CVE-2019-1877 // date: 2020-10-16T00:00:00
db: BID // id: 108859 // date: 2019-06-19T00:00:00
db: JVNDB // id: JVNDB-2019-011707 // date: 2019-11-15T00:00:00
db: CNNVD // id: CNNVD-201906-803 // date: 2020-10-21T00:00:00
db: NVD // id: CVE-2019-1877 // date: 2020-10-16T14:24:57.273

SOURCES RELEASE DATE

db: VULHUB // id: VHN-151149 // date: 2019-11-05T00:00:00
db: VULMON // id: CVE-2019-1877 // date: 2019-11-05T00:00:00
db: BID // id: 108859 // date: 2019-06-19T00:00:00
db: JVNDB // id: JVNDB-2019-011707 // date: 2019-11-15T00:00:00
db: CNNVD // id: CNNVD-201906-803 // date: 2019-06-19T00:00:00
db: NVD // id: CVE-2019-1877 // date: 2019-11-05T20:15:11.407