ID

VAR-201902-0446


CVE

CVE-2019-1678


TITLE

Cisco Meeting Server Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001232

DESCRIPTION

A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in the affected coSpace. Versions prior to 2.4.3 are affected. Cisco Meeting Server contains an input validation vulnerability. Service operation may be interrupted (DoS). Cisco Meeting Server is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvn16684.

Trust: 1.98

sources: NVD: CVE-2019-1678 // JVNDB: JVNDB-2019-001232 // BID: 106943 // VULHUB: VHN-148960

AFFECTED PRODUCTS

vendor: cisco // model: meeting server // scope: eq // version: 2.3.6

Trust: 1.3

vendor: cisco // model: meeting server // scope: lt // version: 2.4.3

Trust: 0.8

vendor: cisco // model: meeting server // scope: eq // version: 2.3.7

Trust: 0.3

vendor: cisco // model: meeting server // scope: eq // version: 2.4

Trust: 0.3

vendor: cisco // model: meeting server // scope: ne // version: 2.4.3

Trust: 0.3

vendor: cisco // model: meeting server // scope: ne // version: 2.3.9

Trust: 0.3

sources: BID: 106943 // JVNDB: JVNDB-2019-001232 // NVD: CVE-2019-1678

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1678
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1678
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1678
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201902-289
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148960
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1678
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148960
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1678
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1678
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-148960 // JVNDB: JVNDB-2019-001232 // CNNVD: CNNVD-201902-289 // NVD: CVE-2019-1678 // NVD: CVE-2019-1678

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-148960 // JVNDB: JVNDB-2019-001232 // NVD: CVE-2019-1678

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-289

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201902-289

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001232

PATCH

title: cisco-sa-20190206-cms-dos // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cms-dos

Trust: 0.8

title: Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89103

Trust: 0.6

sources: JVNDB: JVNDB-2019-001232 // CNNVD: CNNVD-201902-289

EXTERNAL IDS

db: NVD // id: CVE-2019-1678

Trust: 2.8

db: BID // id: 106943

Trust: 2.0

db: JVNDB // id: JVNDB-2019-001232

Trust: 0.8

db: CNNVD // id: CNNVD-201902-289

Trust: 0.7

db: VULHUB // id: VHN-148960

Trust: 0.1

sources: VULHUB: VHN-148960 // BID: 106943 // JVNDB: JVNDB-2019-001232 // CNNVD: CNNVD-201902-289 // NVD: CVE-2019-1678

REFERENCES

url: http://www.securityfocus.com/bid/106943

Trust: 2.3

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190206-cms-dos

Trust: 2.0

url: https://nvd.nist.gov/vuln/detail/cve-2019-1678

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1678

Trust: 0.8

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190206-cms-dos (vendor advisory)

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-148960 // BID: 106943 // JVNDB: JVNDB-2019-001232 // CNNVD: CNNVD-201902-289 // NVD: CVE-2019-1678

CREDITS

Cisco. This vulnerability was found during internal security testing.

Trust: 0.6

sources: CNNVD: CNNVD-201902-289

SOURCES

db: VULHUB // id: VHN-148960
db: BID // id: 106943
db: JVNDB // id: JVNDB-2019-001232
db: CNNVD // id: CNNVD-201902-289
db: NVD // id: CVE-2019-1678

LAST UPDATE DATE

2024-11-23T22:48:29.616000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-148960 // date: 2019-10-09T00:00:00
db: BID // id: 106943 // date: 2019-02-08T00:00:00
db: JVNDB // id: JVNDB-2019-001232 // date: 2019-02-18T00:00:00
db: CNNVD // id: CNNVD-201902-289 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2019-1678 // date: 2024-11-21T04:37:04.770

SOURCES RELEASE DATE

db: VULHUB // id: VHN-148960 // date: 2019-02-07T00:00:00
db: BID // id: 106943 // date: 2019-02-08T00:00:00
db: JVNDB // id: JVNDB-2019-001232 // date: 2019-02-18T00:00:00
db: CNNVD // id: CNNVD-201902-289 // date: 2019-02-07T00:00:00
db: NVD // id: CVE-2019-1678 // date: 2019-02-07T20:29:00.323