Rewterz Threat Advisory – CVE-2019-16005 – Cisco Webex Video Mesh Node Command Injection Vulnerability

Friday, January 10, 2020

Severity

Medium

Analysis Summary

The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node.

Impact

Execute arbitrary commands

Affected Vendors

Cisco

Affected Products

Cisco Webex Video Mesh Software releases earlier than 2019.09.19.1956m

Remediation

Please see vendor’s advisory for more details.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-video

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 10, January 2020 Rewterz Threat Advisory – CVE-2020-1600 – Juniper Networks Junos OS Denial of Service in the RPD daemon
  • 10, January 2020 Rewterz Threat Alert – Bank of America Phishing Campaign
  • 10, January 2020 Rewterz Threat Alert – LiquorBot Botnet
  • 10, January 2020 Rewterz Threat Advisory – CVE-2019-16005 – Cisco Webex Video Mesh Node Command Injection Vulnerability

Copyright © Rewterz. All rights reserved.