{"containers": {"cna": {"affected": [{"product": "Cisco WebEx Meetings for iOS", "vendor": "Cisco", "versions": [{"lessThanOrEqual": "39.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-08-21T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted SSL certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-08-21T18:30:24", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190821 Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-webex-ssl-cert"}], "source": {"advisory": "cisco-sa-20190821-webex-ssl-cert", "defect": [["CSCvq26812"]], "discovery": "INTERNAL"}, "title": "Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-08-21T16:00:00-0700", "ID": "CVE-2019-1948", "STATE": "PUBLIC", "TITLE": "Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco WebEx Meetings for iOS", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "39.5"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted SSL certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "5.9", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-295"}]}]}, "references": {"reference_data": [{"name": "20190821 Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-webex-ssl-cert"}]}, "source": {"advisory": "cisco-sa-20190821-webex-ssl-cert", "defect": [["CSCvq26812"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:35:51.958Z"}, "title": "CVE Program Container", "references": [{"name": "20190821 Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-webex-ssl-cert"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-21T18:57:12.787635Z", "id": "CVE-2019-1948", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-21T19:15:31.202Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1948", "datePublished": "2019-08-21T18:30:24.142204Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-21T19:15:31.202Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-webex-ssl-cert", "name": "20190821 Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:35:51.958Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-1948", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-21T18:57:12.787635Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-21T18:58:40.166Z"}}], "cna": {"title": "Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability", "source": {"defect": [["CSCvq26812"]], "advisory": "cisco-sa-20190821-webex-ssl-cert", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco WebEx Meetings for iOS", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "39.5"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2019-08-21T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-webex-ssl-cert", "name": "20190821 Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted SSL certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2019-08-21T18:30:24"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "5.9", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}}, "source": {"defect": [["CSCvq26812"]], "advisory": "cisco-sa-20190821-webex-ssl-cert", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"affected": "<=", "version_value": "39.5", "version_affected": "<="}]}, "product_name": "Cisco WebEx Meetings for iOS"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-webex-ssl-cert", "name": "20190821 Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability", "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted SSL certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-295"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-1948", "STATE": "PUBLIC", "TITLE": "Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-08-21T16:00:00-0700"}}}}, "cveMetadata": {"cveId": "CVE-2019-1948", "state": "PUBLISHED", "dateUpdated": "2024-11-21T19:15:31.202Z", "dateReserved": "2018-12-06T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2019-08-21T18:30:24.142204Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "7729C6FC-03C6-4790-B4A4-59320880FF51", "versionEndIncluding": "39.5", "versionStartIncluding": "11.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted SSL certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Webex Meetings Mobile (iOS) podr\u00eda permitir que un atacante remoto no autenticado obtenga acceso de lectura no autorizado a datos confidenciales mediante el uso de un certificado SSL (Secure Sockets Layer) no v\u00e1lido. La vulnerabilidad se debe a una validaci\u00f3n insuficiente del certificado SSL por parte del software afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad al proporcionar un certificado SSL dise\u00f1ado a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante realizar ataques de hombre en el medio para descifrar informaci\u00f3n confidencial sobre las conexiones de los usuarios con el software afectado."}], "id": "CVE-2019-1948", "lastModified": "2024-11-21T04:37:44.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-21T19:15:15.543", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-webex-ssl-cert"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-webex-ssl-cert"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}