CVE-2019-1939

CWE-74CWE-269Improper Privilege Management6 documents5 sources
Severity
8.8HIGH
EPSS
2.2%
top 15.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Webex TeamsCisco Webex Teams
Timeline
PublishedSep 5
Latest updateMay 24

Description

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/webex_teams< 3.0.12427.0
CVEListV5cisco/cisco_webex_teamsunspecified3.0.12427.0

🔴Vulnerability Details

2
GHSA
GHSA-w3v7-95f2-5pgr: A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affect2022-05-24
CVEList
Cisco Webex Teams Logging Feature Command Execution Vulnerability2019-09-05

📋Vendor Advisories

1
Cisco
Cisco Webex Teams Logging Feature Command Execution Vulnerability2019-09-04

💬Community

2
Bugzilla
CVE-2019-10128 postgresql: EnterpriseDB installer does not clear permissive ACL entries2019-05-06
Bugzilla
CVE-2019-10129 postgresql: Memory disclosure in partition routing2019-05-06
CVE-2019-1939 (HIGH CVSS 8.8) | A vulnerability in the Cisco Webex | cvebase.io