CVE-2019-15987

Name of the Vulnerable Software and Affected Versions Cisco Webex Event Center (affected versions not specified) Cisco Webex Meeting Center (affected versions not specified) Cisco Webex Support Center (affected versions not specified) Cisco Webex Training Center (affected versions not specified)

Description A vulnerability in the web interface of the Cisco Webex products could allow an unauthenticated, remote attacker to guess account usernames due to missing CAPTCHA protection in certain URLs. An attacker could exploit this by sending a crafted request to the web interface, potentially allowing them to determine if a given username is valid and find the real name of the user.

Recommendations For Cisco Webex Event Center, consider implementing CAPTCHA protection for all URLs as a temporary workaround until a patch is available. For Cisco Webex Meeting Center, restrict access to sensitive information to minimize the risk of exploitation. For Cisco Webex Support Center, avoid using vulnerable URLs in the web interface until the issue is resolved. For Cisco Webex Training Center, disable any features that rely on username validation until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.