First published: Tue Nov 26 2019(Updated: )
A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings Online | =11.0.0 | |
Cisco WebEx Meetings Server | =4.0 | |
Cisco WebEx Event Center | ||
Cisco WebEx Meeting Center | ||
Cisco Webex Support Center | ||
Cisco WebEx Training Center |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-15987 is a vulnerability in the web interface of Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center that allows an unauthenticated, remote attacker to guess account usernames.
An attacker can exploit CVE-2019-15987 by leveraging the missing CAPTCHA protection in certain URLs to guess account usernames.
Cisco Webex Meetings Online 11.0.0 and Cisco WebEx Meetings Server 4.0 are affected by CVE-2019-15987.
CVE-2019-15987 has a severity rating of 5.3 (medium).
Yes, Cisco has released a security advisory with a fix for CVE-2019-15987. Please refer to the provided reference for more information.