CVE-2020-3126 — Improper Access Control in Cisco Webex Meetings Multimedia Viewer

CWE-284 — Improper Access Control CWE-20 — Improper Input Validation3 documents3 sources

Severity

3.5LOWNVD

CNA3.0

EPSS

0.1%

top 68.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings Multimedia Viewer Cisco Webex Meetings Server

Timeline

PublishedApr 13

Latest updateMay 24

Description

vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote attacker could exploit this vulnerability by using the host role to share files within the Multimedia sharing feature and convincing a former room host to view that file. A warning dialog normally appears cau…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5cisco/cisco_webex_meetings_multimedia_viewerT39.3

▶NVDcisco/webex_meetings_servert39.3

🔴Vulnerability Details

GHSA

GHSA-whw2-mwc3-hmmg: vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protection↗2022-05-24

▶

CVEList

Cisco Webex Meetings Multimedia Viewer Vulnerability↗2020-04-13

▶