CVE-2020-3342 — Improper Certificate Validation in Cisco Webex Meetings

CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

8.8HIGHNVD

EPSS

1.0%

top 23.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings Cisco Webex Meetings Server

Timeline

PublishedJun 18

Latest updateMay 24

Description

A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are retu…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/webex_meetings< 39.5.11

▶CVEListV5cisco/cisco_webex_meetings_servern/a

🔴Vulnerability Details

GHSA

GHSA-4f94-mvx7-c9mf: A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute↗2022-05-24

▶

CVEList

Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution Vulnerability↗2020-06-18

▶

📋Vendor Advisories

Cisco

Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution Vulnerability↗2020-06-17

▶

💬Community

Bugzilla

CVE-2020-13231 cacti: CSRF at admin email↗2020-05-26

▶