CVE-2020-3501

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.1MEDIUM

EPSS

0.2%

top 62.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings Cisco Cisco Webex Meetings Cisco Webex Meetings Server

Timeline

PublishedAug 17

Latest updateMay 24

Description

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A suc…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:NExploitability: 2.3 | Impact: 1.4

Affected Packages3 packages

▶NVDcisco/webex_meetings40.4.0 — 40.4.6+3

▶CVEListV5cisco/cisco_webex_meetingsn/a

▶NVDcisco/webex_meetings_server3.0, 4.0+1

🔴Vulnerability Details

GHSA

GHSA-p395-26xw-vh3p: Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted↗2022-05-24

▶

CVEList

Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities↗2020-08-17

▶

📋Vendor Advisories

Cisco

Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities↗2020-08-05

▶