// For flags

CVE-2019-15960

Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability

Severity Score

5.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by submitting a crafted URL request to gain privileged access in the context of the affected page. A successful exploit could allow the attacker to elevate privileges in the Webex Recording Admin page, which could allow them to view or delete recordings that they would not normally be able to access.

Una vulnerabilidad en la página Webex Network Recording Admin de Cisco Webex Meetings, podría permitir a un atacante remoto autenticado elevar los privilegios en el contexto de la página afectada. Para explotar esta vulnerabilidad, el atacante debe iniciar sesión como administrador de bajo nivel. La vulnerabilidad es debido a una comprobación de control de acceso insuficiente. Un atacante podría explotar esta vulnerabilidad al enviar una petición de URL diseñada para conseguir acceso privilegiado en el contexto de la página afectada. Una explotación con éxito podría permitir al atacante elevar los privilegios en la página Webex Recording Admin, lo que podría permitirle visualizar o eliminar grabaciones a las que normalmente no es capaz de acceder.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2019-09-06 CVE Reserved
  • 2019-11-26 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-11-21 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Webex Meetings
Search vendor "Cisco" for product "Webex Meetings"
< 39.7.0
Search vendor "Cisco" for product "Webex Meetings" and version " < 39.7.0"
-
Affected