CVE-2020-3116

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.3%

top 44.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Webex Event Center Cisco Webex Meetings Online Cisco Webex Meetings Server

Timeline

PublishedSep 23

Latest updateMay 24

Description

A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this vulnerability by sending a user a malicious UCF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit would cause the applicati…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/webex_meetings_online1.3.43

▶NVDcisco/webex_meetings_server4.0

▶CVEListV5cisco/cisco_webex_event_centern/a

🔴Vulnerability Details

GHSA

GHSA-86c7-v7v4-whcp: A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of s↗2022-05-24

▶

CVEList

Cisco Webex Centers Denial of Service Vulnerability↗2020-09-23

▶

📋Vendor Advisories

Cisco

Cisco Webex Centers Denial of Service Vulnerability↗2020-01-08

▶