CVE-2019-15987

Published: Nov 26, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.

Affected (6)

Products: Cisco: Webex Meetings Online, Webex Meetings Server, Webex Event Center, Webex Meeting Center, Webex Support Center, Webex Training Center

Cisco

6 products

Webex Meetings Online

Webex Meetings Server

Webex Event Center

Webex Meeting Center

Webex Support Center

Webex Training Center

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Webex Meetings Online	Version 11.0.0
Cisco Webex Meetings Server	Version 4.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Webex Event Center	All versions
Cisco Webex Meeting Center	All versions
Cisco Webex Support Center	All versions
Cisco Webex Training Center	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.