Cisco WebEx Meetings Server Web-based Management Interface HTTP Request redirect
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.5 | $0-$5k | 0.00 |
A vulnerability has been found in Cisco WebEx Meetings Server (Unified Communication Software) (version now known) and classified as critical. This vulnerability affects some unknown processing of the component Web-based Management Interface. The manipulation as part of a HTTP Request leads to a redirect vulnerability. The CWE definition for the vulnerability is CWE-601. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.
The weakness was shared 08/08/2019 as cisco-sa-20190807-wms-oredirec as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability was named CVE-2019-1954 since 12/06/2018. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1204.001.
Upgrading eliminates this vulnerability.
Product
Type
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.6VulDB Meta Temp Score: 5.5
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.1
NVD Vector: 🔍
CNA Base Score: 4.3
CNA Vector (Cisco Systems, Inc.): 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: RedirectCWE: CWE-601
ATT&CK: T1204.001
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
12/06/2018 🔍08/08/2019 🔍
08/08/2019 🔍
11/21/2023 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-20190807-wms-oredirec
Status: Confirmed
CVE: CVE-2019-1954 (🔍)
Entry
Created: 08/08/2019 18:58Updated: 11/21/2023 14:45
Changes: 08/08/2019 18:58 (41), 07/22/2020 20:29 (18), 11/21/2023 14:45 (14)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.