CVE-2019-1689 — Vulnetix

CVE-2019-1689 PUBLISHED CVSS 7.300000190734863 HIGH

A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920.

EPSS 0.34% · 56.8th percentile

Risk Scores

CVSS 3.0

7.300000190734863

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

EPSS Score

0.34%

56.8th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Webex Teams	unspecified
cisco	webex_teams	0

Exploit Intelligence

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-webx-ios-file (nist-nvd)
107101 (circl)

Timeline

Feb 25, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score

References

20190220 Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability vendor-advisory
107101 vdb
https://nvd.nist.gov/vuln/detail/CVE-2019-1689 advisory

Open in Interactive Console →