← Back

CVE-2020-3501

nvd nist
Published: Aug 17, 2020Modified: Nov 21, 2024

JSON object

Loading...
4.1
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Exploitability: 2.3 / Impact: 1.4
Source: NVD

Description

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.

Affected (11)

Cisco
2 products
Webex Meetings
Webex Meetings Server
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Webex Meetings
Before 39.5.24
Webex Meetings
From 40.4.0 to 40.4.6
Webex Meetings
From 40.4.10 to 40.6.0
Webex Meetings
Version 39.7.4
Cisco
Webex Meetings Server
Version 3.0
Webex Meetings Server
Version 3.0 maintenance_release1
Webex Meetings Server
Version 3.0 maintenance_release2
Webex Meetings Server
Version 3.0 maintenance_release3
Webex Meetings Server
Version 4.0
Webex Meetings Server
Version 4.0 maintenance_release1
Webex Meetings Server
Version 4.0 maintenance_release2

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.