CVE-2020-3182Sensitive Information Exposure in Cisco Webex Meetings

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 56.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex MeetingsCisco Webex Meetings
Timeline
PublishedMar 4
Latest updateMay 24

Description

A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the device on which the Webex client is running. The vulnerability exists because sensitive information is included in the mDNS reply. An attacker could exploit this vulnerability by doing an mDNS query for a particular service against an affected device. A successful exploit could allow the attacker to

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_webex_meetingsunspecifiedn/a
NVDcisco/webex_meetings40.1.8.5

🔴Vulnerability Details

2
GHSA
GHSA-gx8j-3gxx-r6x6: A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent at2022-05-24
CVEList
Cisco Webex Meetings Client for MacOS Information Disclosure Vulnerability2020-03-04

📋Vendor Advisories

1
Cisco
Cisco Webex Meetings Client for MacOS Information Disclosure Vulnerability2020-03-04
CVE-2020-3182 — Sensitive Information Exposure in Cisco | cvebase