A vulnerability was found in Cisco WebEx Meetings Mobile on iOS (Unified Communication Software) (affected version not known). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component SSL Certificate. The manipulation with an unknown input leads to a certificate validation vulnerability. The CWE definition for the vulnerability is CWE-295. The product does not validate, or incorrectly validates, a certificate. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted SSL certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

The weakness was shared 08/21/2019 as cisco-sa-20190821-webex-ssl-ce as confirmed advisory (Website). The advisory is shared at tools.cisco.com. This vulnerability is known as CVE-2019-1948 since 12/06/2018. The exploitation appears to be difficult. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1587.003 for this issue.

Upgrading eliminates this vulnerability.

Productinfo

Type

• Unified Communication Software

Vendor

• Cisco

Name

• WebEx Meetings Mobile

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion