CVE-2020-3412 — Improper Access Control in Cisco Webex Meetings Online

CWE-284 — Improper Access Control CWE-863 — Incorrect Authorization4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 67.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings Online Cisco Webex Meetings

Timeline

PublishedAug 17

Latest updateMay 24

Description

A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for the creation of scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to create a scheduled meeting template. A successful e…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/webex_meetings_online< 40.7.0

▶CVEListV5cisco/cisco_webex_meetingsn/a

🔴Vulnerability Details

GHSA

GHSA-xmqx-8fv3-jc9q: A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled↗2022-05-24

▶

CVEList

Cisco Webex Meetings Scheduled Meeting Template Creation Vulnerability↗2020-08-17

▶

📋Vendor Advisories

Cisco

Cisco Webex Meetings Scheduled Meeting Template Creation Vulnerability↗2020-08-05

▶