Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability
CVE-2019-1689

7.3HIGH

Key Information:

Vendor: Cisco
Status: Cisco Webex Teams
Vendor: CVE Published:; 25 February 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920.

Affected Version(s)

Cisco Webex Teams < 3.13.26920

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/107101

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Feb 25, 2019
Vulnerability Reserved
Dec 6, 2018