Sign-up

ID

VAR-202004-0682


CVE

CVE-2019-1866


TITLE

Cisco Webex Business Suite Vulnerability in inadequate validation of data reliability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015290

DESCRIPTION

Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a man-in-the-middle or by intercepting wireless network traffic, could exploit this vulnerability to manipulate header values sent by a client to the affected application. The attacker could cause the application to use input from the header to redirect a user from the Cisco Webex Meetings Online site to an arbitrary site of the attacker's choosing. Cisco Webex Business Suite Exists in an inadequate validation of data reliability vulnerabilities.Information may be tampered with. Cisco Webex Business Suite is a set of video conferencing solutions of Cisco (Cisco)

Trust: 1.8

sources: NVD: CVE-2019-1866 // JVNDB: JVNDB-2019-015290 // VULHUB: VHN-151028 // VULMON: CVE-2019-1866

AFFECTED PRODUCTS

vendor:ciscomodel:webex business suite 39scope:ltversion:39.1.0

Trust: 1.0

vendor:ciscomodel:webex business suitescope:eqversion:39.1.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-015290 // NVD: CVE-2019-1866

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1866
value: LOW

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1866
value: LOW

Trust: 1.0

NVD: JVNDB-2019-015290
value: LOW

Trust: 0.8

CNNVD: CNNVD-202004-624
value: LOW

Trust: 0.6

VULHUB: VHN-151028
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-1866
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1866
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015290
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-151028
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1866
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1866
baseSeverity: LOW
baseScore: 3.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015290
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151028 // VULMON: CVE-2019-1866 // JVNDB: JVNDB-2019-015290 // CNNVD: CNNVD-202004-624 // NVD: CVE-2019-1866 // NVD: CVE-2019-1866

PROBLEMTYPE DATA

problemtype:CWE-345

Trust: 1.9

problemtype:CWE-284

Trust: 1.0

sources: VULHUB: VHN-151028 // JVNDB: JVNDB-2019-015290 // NVD: CVE-2019-1866

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-624

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202004-624

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015290

PATCH
title:CSCvm98833url:https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm98833
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-015290

EXTERNAL IDS
db:NVDid:CVE-2019-1866
Trust: 2.6
db:JVNDBid:JVNDB-2019-015290
Trust: 0.8
db:CNNVDid:CNNVD-202004-624
Trust: 0.7
db:CNVDid:CNVD-2020-22846
Trust: 0.1
db:VULHUBid:VHN-151028
Trust: 0.1
db:VULMONid:CVE-2019-1866
Trust: 0.1
sources:
            
            
            VULHUB: VHN-151028 // 
            
            
            
            VULMON: CVE-2019-1866 // 
            
            
            
            JVNDB: JVNDB-2019-015290 // 
            
            
            
            CNNVD: CNNVD-202004-624 // 
            
            
            
            NVD: CVE-2019-1866

REFERENCES
url:https://quickview.cloudapps.cisco.com/quickview/bug/cscvm98833
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-1866
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1866
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/345.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-151028 // 
            
            
            
            VULMON: CVE-2019-1866 // 
            
            
            
            JVNDB: JVNDB-2019-015290 // 
            
            
            
            CNNVD: CNNVD-202004-624 // 
            
            
            
            NVD: CVE-2019-1866

SOURCES
db:VULHUBid:VHN-151028
db:VULMONid:CVE-2019-1866
db:JVNDBid:JVNDB-2019-015290
db:CNNVDid:CNNVD-202004-624
db:NVDid:CVE-2019-1866

LAST UPDATE DATE
2024-11-23T22:41:07.672000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-151028date:2020-04-13T00:00:00
db:VULMONid:CVE-2019-1866date:2020-04-13T00:00:00
db:JVNDBid:JVNDB-2019-015290date:2020-04-30T00:00:00
db:CNNVDid:CNNVD-202004-624date:2020-04-14T00:00:00
db:NVDid:CVE-2019-1866date:2024-11-21T04:37:34.197

SOURCES RELEASE DATE
db:VULHUBid:VHN-151028date:2020-04-13T00:00:00
db:VULMONid:CVE-2019-1866date:2020-04-13T00:00:00
db:JVNDBid:JVNDB-2019-015290date:2020-04-30T00:00:00
db:CNNVDid:CNNVD-202004-624date:2020-04-13T00:00:00
db:NVDid:CVE-2019-1866date:2020-04-13T17:15:10.937