CVE-2020-3131

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.8%
top 26.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex TeamsCisco Cisco Webex Teams
Timeline
PublishedJan 26
Latest updateMay 24

Description

A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Tea

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/webex_teams3.0.13131
CVEListV5cisco/cisco_webex_teams3.0.13131

🔴Vulnerability Details

2
GHSA
GHSA-whhw-94p5-5pc4: [CVE-2020-3131_su] A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to cr2022-05-24
CVEList
Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability2020-01-26

📋Vendor Advisories

1
Cisco
Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability2020-01-22
CVE-2020-3131 (MEDIUM CVSS 6.5) | A vulnerability in the Cisco Webex | cvebase.io