CVE-2020-3471

CWE-20Improper Input ValidationCWE-6624 documents4 sources
Severity
6.5MEDIUM
EPSS
0.6%
top 29.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex Meetings ServerCisco Cisco Webex Meetings Server
Timeline
PublishedNov 18
Latest updateMay 24

Description

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-925x-95jq-3vgq: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audi2022-05-24
CVEList
Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability2020-11-18

📋Vendor Advisories

1
Cisco
Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability2020-11-18
CVE-2020-3471 (MEDIUM CVSS 6.5) | A vulnerability in Cisco Webex Meet | cvebase.io