Details of VAR-201911-1305

ID

VAR-201911-1305

CVE

CVE-2019-15966

TITLE

Cisco TelePresence Advanced Media Gateway Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011615

DESCRIPTION

A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition

Trust: 2.25

sources: NVD: CVE-2019-15966 // JVNDB: JVNDB-2019-011615 // CNVD: CNVD-2020-00296 // VULHUB: VHN-148065

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-00296

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence advanced media gateway	scope:	eq	version:	1.1	Trust: 1.6
vendor:	cisco	model:	telepresence advanced media gateway series software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence advanced media gateway	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-00296 // JVNDB: JVNDB-2019-011615 // CNNVD: CNNVD-201911-200 // NVD: CVE-2019-15966

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15966
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15966
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-15966
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-00296
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201911-200
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148065
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-15966
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-00296
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-148065
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-15966
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	4.0
version:	3.1
Trust: 2.0
NVD:	CVE-2019-15966
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-00296 // VULHUB: VHN-148065 // JVNDB: JVNDB-2019-011615 // CNNVD: CNNVD-201911-200 // NVD: CVE-2019-15966 // NVD: CVE-2019-15966

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-148065 // JVNDB: JVNDB-2019-011615 // NVD: CVE-2019-15966

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-200

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-200

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011615

PATCH

title:	CSCvr69362 - Cisco TelePresence Advanced Media Gateway Authenticated Denial of Service Vulnerability	url:	https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr69362	Trust: 0.8
title:	Patch for Cisco TelePresence Advanced Media Gateway Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/195979	Trust: 0.6

sources: CNVD: CNVD-2020-00296 // JVNDB: JVNDB-2019-011615

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15966	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-011615	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-200	Trust: 0.7
db:	CNVD	id:	CNVD-2020-00296	Trust: 0.6
db:	VULHUB	id:	VHN-148065	Trust: 0.1

sources: CNVD: CNVD-2020-00296 // VULHUB: VHN-148065 // JVNDB: JVNDB-2019-011615 // CNNVD: CNNVD-201911-200 // NVD: CVE-2019-15966

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-15966	Trust: 2.0
url:	https://quickview.cloudapps.cisco.com/quickview/bug/cscvr69362	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15966	Trust: 0.8

sources: CNVD: CNVD-2020-00296 // VULHUB: VHN-148065 // JVNDB: JVNDB-2019-011615 // CNNVD: CNNVD-201911-200 // NVD: CVE-2019-15966

SOURCES

db:	CNVD	id:	CNVD-2020-00296
db:	VULHUB	id:	VHN-148065
db:	JVNDB	id:	JVNDB-2019-011615
db:	CNNVD	id:	CNNVD-201911-200
db:	NVD	id:	CVE-2019-15966

LAST UPDATE DATE

2024-11-23T21:51:50.182000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-00296	date:	2020-01-03T00:00:00
db:	VULHUB	id:	VHN-148065	date:	2019-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-011615	date:	2019-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201911-200	date:	2019-11-08T00:00:00
db:	NVD	id:	CVE-2019-15966	date:	2024-11-21T04:29:50.143

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-00296	date:	2020-01-03T00:00:00
db:	VULHUB	id:	VHN-148065	date:	2019-11-05T00:00:00
db:	JVNDB	id:	JVNDB-2019-011615	date:	2019-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201911-200	date:	2019-11-05T00:00:00
db:	NVD	id:	CVE-2019-15966	date:	2019-11-05T19:15:10.633