Details of VAR-201911-1776

ID

VAR-201911-1776

CVE

CVE-2019-15960

TITLE

Cisco Webex Meetings Vulnerability in Permission Management

Trust: 0.8

sources: JVNDB: JVNDB-2019-012892

DESCRIPTION

A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by submitting a crafted URL request to gain privileged access in the context of the affected page. A successful exploit could allow the attacker to elevate privileges in the Webex Recording Admin page, which could allow them to view or delete recordings that they would not normally be able to access. Cisco Webex Meetings Contains a privilege management vulnerability.Information may be obtained and information may be altered. Cisco Webex Meetings is a set of video conferencing solutions of Cisco (Cisco)

Trust: 1.71

sources: NVD: CVE-2019-15960 // JVNDB: JVNDB-2019-012892 // VULHUB: VHN-148059

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings	scope:	lt	version:	39.7.0	Trust: 1.0
vendor:	cisco	model:	webex meetings	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-012892 // NVD: CVE-2019-15960

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15960
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15960
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-15960
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201911-374
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-148059
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-15960
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-148059
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-15960
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-15960
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-148059 // JVNDB: JVNDB-2019-012892 // CNNVD: CNNVD-201911-374 // NVD: CVE-2019-15960 // NVD: CVE-2019-15960

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-269	Trust: 0.9

sources: VULHUB: VHN-148059 // JVNDB: JVNDB-2019-012892 // NVD: CVE-2019-15960

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-374

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-374

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012892

PATCH

title:	cisco-sa-20191106-wbs-privilege	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wbs-privilege	Trust: 0.8
title:	Cisco Webex Meetings Fixes for permissions and access control issues vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101791	Trust: 0.6

sources: JVNDB: JVNDB-2019-012892 // CNNVD: CNNVD-201911-374

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15960	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-012892	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-374	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4179	Trust: 0.6
db:	VULHUB	id:	VHN-148059	Trust: 0.1

sources: VULHUB: VHN-148059 // JVNDB: JVNDB-2019-012892 // CNNVD: CNNVD-201911-374 // NVD: CVE-2019-15960

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191106-wbs-privilege	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15960	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15960	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191106-webex-player	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4179/	Trust: 0.6

sources: VULHUB: VHN-148059 // JVNDB: JVNDB-2019-012892 // CNNVD: CNNVD-201911-374 // NVD: CVE-2019-15960

SOURCES

db:	VULHUB	id:	VHN-148059
db:	JVNDB	id:	JVNDB-2019-012892
db:	CNNVD	id:	CNNVD-201911-374
db:	NVD	id:	CVE-2019-15960

LAST UPDATE DATE

2024-11-23T21:59:02.408000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-148059	date:	2021-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-012892	date:	2019-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201911-374	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2019-15960	date:	2024-11-21T04:29:49.620

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-148059	date:	2019-11-26T00:00:00
db:	JVNDB	id:	JVNDB-2019-012892	date:	2019-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201911-374	date:	2019-11-06T00:00:00
db:	NVD	id:	CVE-2019-15960	date:	2019-11-26T03:15:11.583