CVE-2019-15987

CVE Database · CVE-2019-15987

CVE-2019-15987

· MEDIUMModified

CVSS v3.1

5.3

EPSS

1.58%

Published

Nov 26, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-287CWE-287

Affected Products (6)

cisco · webex_meetings_onlinevulnerable

cisco · webex_meetings_servervulnerable

cisco · webex_event_centervulnerable

cisco · webex_meeting_centervulnerable

cisco · webex_support_centervulnerable

cisco · webex_training_centervulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs