Sign-up

ID

VAR-201911-1322


CVE

CVE-2019-15987


TITLE

plural Cisco Webex Authentication vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-012699

DESCRIPTION

A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user. plural Cisco Webex The product contains authentication vulnerabilities.Information may be obtained. Cisco® Webex Meeting Center, etc. are all products of Cisco (Cisco). Cisco® Webex Meeting Center is an online collaborative video conferencing solution. Cisco Webex Support Center is a video conferencing solution for service support teams. An authorization issue vulnerability exists in several Cisco products

Trust: 1.71

sources: NVD: CVE-2019-15987 // JVNDB: JVNDB-2019-012699 // VULHUB: VHN-148088

AFFECTED PRODUCTS

vendor:ciscomodel:webex training centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:4.0

Trust: 1.6

vendor:ciscomodel:webex event centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex support centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings onlinescope:eqversion:11.0.0

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex event centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings onlinescope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex support centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex training centerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-012699 // CNNVD: CNNVD-201911-1201 // NVD: CVE-2019-15987

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15987
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15987
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15987
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-1201
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148088
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15987
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148088
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-15987
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15987
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-148088 // JVNDB: JVNDB-2019-012699 // CNNVD: CNNVD-201911-1201 // NVD: CVE-2019-15987 // NVD: CVE-2019-15987

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-148088 // JVNDB: JVNDB-2019-012699 // NVD: CVE-2019-15987

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1201

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201911-1201

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012699

PATCH
title:cisco-sa-20191120-webex-centers-infodisurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis
Trust: 0.8
title:Multiple Cisco Product Authorization Issue Vulnerability Fixing Measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103144
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-012699 // 
            
            
            
            CNNVD: CNNVD-201911-1201

EXTERNAL IDS
db:NVDid:CVE-2019-15987
Trust: 2.5
db:JVNDBid:JVNDB-2019-012699
Trust: 0.8
db:CNNVDid:CNNVD-201911-1201
Trust: 0.7
db:AUSCERTid:ESB-2019.4395
Trust: 0.6
db:VULHUBid:VHN-148088
Trust: 0.1
sources:
            
            
            VULHUB: VHN-148088 // 
            
            
            
            JVNDB: JVNDB-2019-012699 // 
            
            
            
            CNNVD: CNNVD-201911-1201 // 
            
            
            
            NVD: CVE-2019-15987

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191120-webex-centers-infodis
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-15987
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15987
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.4395/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-148088 // 
            
            
            
            JVNDB: JVNDB-2019-012699 // 
            
            
            
            CNNVD: CNNVD-201911-1201 // 
            
            
            
            NVD: CVE-2019-15987

SOURCES
db:VULHUBid:VHN-148088
db:JVNDBid:JVNDB-2019-012699
db:CNNVDid:CNNVD-201911-1201
db:NVDid:CVE-2019-15987

LAST UPDATE DATE
2024-11-23T22:11:46.086000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-148088date:2019-12-09T00:00:00
db:JVNDBid:JVNDB-2019-012699date:2019-12-11T00:00:00
db:CNNVDid:CNNVD-201911-1201date:2019-12-10T00:00:00
db:NVDid:CVE-2019-15987date:2024-11-21T04:29:52.630

SOURCES RELEASE DATE
db:VULHUBid:VHN-148088date:2019-11-26T00:00:00
db:JVNDBid:JVNDB-2019-012699date:2019-12-11T00:00:00
db:CNNVDid:CNNVD-201911-1201date:2019-11-20T00:00:00
db:NVDid:CVE-2019-15987date:2019-11-26T04:15:11.903