Auto-merge PR#3114

2025-06-10 02:04:31 +00:00 · 2020-01-25 23:50:38 -05:00 · 2020-01-25 23:50:38 -05:00 · 34700b2e42
commit 34700b2e42
parent d2574249d2 5073cefd29
1 changed files with 87 additions and 0 deletions
--- a/2019/16xxx/CVE-2019-16005.json
+++ b/2019/16xxx/CVE-2019-16005.json
@ -0,0 +1,87 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "psirt@cisco.com",
+        "DATE_PUBLIC": "2020-01-08T16:00:00-0800",
+        "ID": "CVE-2019-16005",
+        "STATE": "PUBLIC",
+        "TITLE": "Cisco Webex Video Mesh Node Command Injection Vulnerability"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Cisco Webex Video Mesh ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "affected": "<",
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cisco"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node. "
+            }
+        ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
+        }
+    ],
+    "impact": {
+        "cvss": {
+            "baseScore": "7.2",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-77"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "20200108 Cisco Webex Video Mesh Node Command Injection Vulnerability",
+                "refsource": "CISCO",
+                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-video"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "cisco-sa-20200108-webex-video",
+        "defect": [
+            [
+                "CSCvr35921"
+            ]
+        ],
+        "discovery": "INTERNAL"
+    }
+}