Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-15960
HistoryNov 26, 2019 - 3:15 a.m.

CVE-2019-15960

2019-11-2603:15:11
CWE-264
[email protected]
web.nvd.nist.gov
131
cve-2019-15960
vulnerability
cisco
webex meetings
remote attacker
privilege elevation

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.8%

JSON

A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by submitting a crafted URL request to gain privileged access in the context of the affected page. A successful exploit could allow the attacker to elevate privileges in the Webex Recording Admin page, which could allow them to view or delete recordings that they would not normally be able to access.

Affected configurations

NVD
Node
ciscowebex_meetingsRange<39.7.0

CNA Affected

[
  {
    "product": "Cisco Webex Meetings ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

nessus 1
prion 1
nvd 1
cisco 1
symantec 1
cvelist 1
nessus
nessus
Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability (cisco-sa-20191106-wbs-privilege)
2019-12-03 00:00:00
prion
prion
Improper access control
2019-11-26 03:15:00
nvd
nvd
CVE-2019-15960
2019-11-26 03:15:11
cisco
cisco
Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability
2019-11-06 16:00:00
symantec
symantec
Cisco Webex Meetings CVE-2019-15960 Remote Privilege Escalation Vulnerability
2019-11-06 00:00:00
cvelist
cvelist
CVE-2019-15960 Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability
2019-11-06 00:00:00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.8%

JSON
Related for CVE-2019-15960
nessus1prion1nvd1cisco1symantec1cvelist1