CVE-2019-15960 (CNNVD-201911-374)
中文标题:
思科 Cisco Webex Meetings 安全漏洞
英文标题:
Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability
漏洞描述
中文描述:
Cisco Webex Meetings是美国思科(Cisco)公司的一套视频会议解决方案。 Cisco Webex Meetings 39.7.0之前版本中的Webex Network Recording Admin页面存在安全漏洞,该漏洞源于不充分的访问控制检测。远程攻击者可通过提交特制的URL请求利用该漏洞提升权限。
英文描述:
A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by submitting a crafted URL request to gain privileged access in the context of the affected page. A successful exploit could allow the attacker to elevate privileges in the Webex Recording Admin page, which could allow them to view or delete recordings that they would not normally be able to access.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Webex Meetings | - | < n/a | - |
cpe:2.3:a:cisco:cisco_webex_meetings:*:*:*:*:*:*:*:*
|
| cisco | webex_meetings | * | - | - |
cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.0 (cna)
MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2019-15960 |
2025-11-11 15:20:04 | 2025-11-11 07:35:36 |
| NVD | nvd_CVE-2019-15960 |
2025-11-11 14:56:29 | 2025-11-11 07:44:08 |
| CNNVD | cnnvd_CNNVD-201911-374 |
2025-11-11 15:10:18 | 2025-11-11 07:55:11 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-201911-374
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']