CVE-2019-1689 HIGH

CVE-2019-1689: Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability

Vendor Cisco
Product Cisco Webex Teams
Weakness CWE-20 · Input validation
Published February 25, 2019
Last update November 21, 2024
View on NVD All CVEs

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920.

Key dates

02Disclosure timeline

February 25, 2019 CVE published
November 21, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-20684 Windows Hyper-V Denial of Service Vulnerability CVE-2026-39399 NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation CVE-2023-47804 Apache OpenOffice: Macro URL arbitrary script execution CVE-2026-28797 RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component CVE-2020-3309 Cisco Firepower Device Manager On-Box Software Arbitrary File Overwrite Vulnerability