CVE-2019-16948 — CRITICAL (9.8)

Vulnerability Description

An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). The response from open ports is different than from closed ports. The product does not allow one to change the protocol: anything except http(s) will throw an error; however, it is the type of error that allows one to determine if a port is open or not.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Enghouse	Web Chat	6.1.300.31

Related Weaknesses (CWE)

CWE-918

References

https://mjlanders.com/2019/11/07/multiple-vulnerabilities-found-in-enghouse-zeacExploitThird Party Advisory
https://mjlanders.com/2019/11/07/multiple-vulnerabilities-found-in-enghouse-zeacExploitThird Party Advisory

FAQ

What is CVE-2019-16948?

CVE-2019-16948 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to d...

How severe is CVE-2019-16948?

CVE-2019-16948 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-16948?

Check the references section above for vendor advisories and patch information. Affected products include: Enghouse Web Chat.