CVE-2019-1939 HIGH

CVE-2019-1939: Cisco Webex Teams Logging Feature Command Execution Vulnerability

Vendor Cisco
Product Cisco Webex Teams
Weakness CWE-74
Published September 5, 2019
Last update November 20, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user.

Key dates

02Disclosure timeline

September 5, 2019 CVE published
November 20, 2024 Record updated