CVE-2020-3361

Published: Jun 18, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site.

Affected (8)

Products: Cisco: Webex Meetings, Webex Meetings Server

Cisco

2 products

Webex Meetings

Webex Meetings Server

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Cisco Webex Meetings	Up to 39.5.25
Cisco Webex Meetings	From 40.1.0 to 40.4.10
Cisco Webex Meetings	Version 40.6.0
Cisco Webex Meetings Server	Before 4.0
Cisco Webex Meetings Server	Version 4.0
Cisco Webex Meetings Server	Version 4.0 maintenance_release1
Cisco Webex Meetings Server	Version 4.0 maintenance_release2
Cisco Webex Meetings Server	Version 4.0 maintenance_release3

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-token-zPvEjKN

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-token-zPvEjKN

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.