CVE-2020-3126Improper Access Control in Cisco Webex Meetings Multimedia Viewer

CWE-284Improper Access ControlCWE-20Improper Input Validation3 documents3 sources
Severity
3.5LOWNVD
CNA3.0
EPSS
0.1%
top 68.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex Meetings Multimedia ViewerCisco Webex Meetings Server
Timeline
PublishedApr 13
Latest updateMay 24

Description

vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote attacker could exploit this vulnerability by using the host role to share files within the Multimedia sharing feature and convincing a former room host to view that file. A warning dialog normally appears cau

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-whw2-mwc3-hmmg: vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protection2022-05-24
CVEList
Cisco Webex Meetings Multimedia Viewer Vulnerability2020-04-13
CVE-2020-3126 — Improper Access Control in Cisco | cvebase