CVE-2019-15987
MEDIUMCisco Webex Event/Meeting/Support/Training Center - Unauthenticated Username Enumeration
Title source: llmDescription
A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis
Scores
CVSS v3
5.3
EPSS
0.0158
EPSS Percentile
72.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-287
Status
published
Products (6)
cisco/webex_event_center
cisco/webex_meeting_center
cisco/webex_meetings_online
11.0.0
cisco/webex_meetings_server
4.0
cisco/webex_support_center
cisco/webex_training_center
Published
Nov 26, 2019
Tracked Since
Feb 18, 2026