CVE-2019-16948
Last modified
CVE-2019-16948 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). EPSS estimates a 1.33% chance of exploitation in the next 30 days.
Description
An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). The response from open ports is different than from closed ports. The product does not allow one to change the protocol: anything except http(s) will throw an error; however, it is the type of error that allows one to determine if a port is open or not.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Enghouse | Web Chat | 6.1.300.31 |
References
- https://mjlanders.com/2019/11/07/multiple-vulnerabilities-found-in-enghouse-zeacom-web-chat/Exploit, Third Party Advisory
- https://mjlanders.com/2019/11/07/multiple-vulnerabilities-found-in-enghouse-zeacom-web-chat/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-16948?
How severe is CVE-2019-16948?
How do I fix CVE-2019-16948?
Are you affected by CVE-2019-16948?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST