CVE-2018-0436

CWE-284Improper Access ControlCWE-269Improper Privilege Management4 documents4 sources
Severity
8.7HIGH
EPSS
0.2%
top 53.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex TeamsCisco Cisco Webex Teams
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view an

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:NExploitability: 2.3 | Impact: 5.8

Affected Packages2 packages

NVDcisco/webex_teams< 10.6.0

🔴Vulnerability Details

2
GHSA
GHSA-jr8m-x5pc-vrvr: A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization2022-05-13
CVEList
Cisco Webex Teams Information Disclosure and Modification Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco Webex Teams Information Disclosure and Modification Vulnerability2018-09-05
CVE-2018-0436 (HIGH CVSS 8.7) | A vulnerability in Cisco Webex Team | cvebase.io