CVE-2020-3361
published 2020-06-18CVE-2020-3361: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_webex_meetings_server | — | — |
| cisco | webex_meetings | <= 39.5.25 | — |
| cisco | webex_meetings | — | — |
| cisco | webex_meetings | 40.1.0 – 40.4.10 | — |
| cisco | webex_meetings_and_cisco_webex_meetings_server_token_handling_unauthorized_acces | — | — |
| cisco | webex_meetings_server | < 4.0 | 4.0 |
| cisco | webex_meetings_server | — | — |