CVE-2019-15960Cisco Webex Meetings vulnerability

CWE-2644 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 56.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex MeetingsCisco Webex Meetings
Timeline
PublishedNov 26
Latest updateMay 24

Description

A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by submitting a crafted URL request to gain privileged access in the context of the affected page. A success

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDcisco/webex_meetings< 39.7.0
CVEListV5cisco/cisco_webex_meetingsunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-3h75-cj34-c2gv: A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges2022-05-24
CVEList
Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability2019-11-26

📋Vendor Advisories

1
Cisco
Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability2019-11-06
CVE-2019-15960 — Cisco Webex Meetings vulnerability | cvebase