CVE-2020-3413 — Improper Access Control in Cisco Webex Meetings Online

CWE-284 — Improper Access Control CWE-863 — Incorrect Authorization4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 67.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings Online Cisco Webex Meetings

Timeline

PublishedAug 17

Latest updateMay 24

Description

A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for requests to delete scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to delete a scheduled meeting template. A successful exp…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/webex_meetings_online< 40.7.0

▶CVEListV5cisco/cisco_webex_meetingsn/a

🔴Vulnerability Details

GHSA

GHSA-w722-6rvh-v7w7: A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled↗2022-05-24

▶

CVEList

Cisco Webex Meetings Scheduled Meeting Template Deletion Vulnerability↗2020-08-17

▶

📋Vendor Advisories

Cisco

Cisco Webex Meetings Scheduled Meeting Template Deletion Vulnerability↗2020-08-05

▶