CVE-2019-1689

CWE-20Improper Input Validation4 documents4 sources
Severity
7.3HIGH
EPSS
0.3%
top 43.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Webex TeamsCisco Webex Teams
Timeline
PublishedFeb 25
Latest updateMay 13

Description

A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:HExploitability: 2.1 | Impact: 5.2

Affected Packages2 packages

NVDcisco/webex_teams< 3.13.26920
CVEListV5cisco/cisco_webex_teamsunspecified3.13.26920

🔴Vulnerability Details

2
GHSA
GHSA-rg62-gwr6-wv2q: A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within2022-05-13
CVEList
Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability2019-02-25

📋Vendor Advisories

1
Cisco
Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability2019-02-20
CVE-2019-1689 (HIGH CVSS 7.3) | A vulnerability in the client appli | cvebase.io