CVE-2020-3541

CWE-200Information ExposureCWE-532Log File Information Exposure6 documents6 sources
Severity
4.4MEDIUM
EPSS
0.1%
top 80.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Webex MeetingsCisco Webex TeamsCisco Cisco Webex Meetings
Timeline
PublishedSep 4
Latest updateMay 24

Description

A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages3 packages

NVDcisco/webex_meetings40.6.040.6.6+1
NVDcisco/webex_teams< 3.0.15711.0

🔴Vulnerability Details

3
GHSA
GHSA-5rmf-gfqh-5993: A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webe2022-05-24
GHSA
Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.122021-05-17
CVEList
Cisco Webex Meetings Client for Windows, Webex Meetings Desktop App, and Webex Teams Information Disclosure Vulnerability2020-09-04

📋Vendor Advisories

1
Cisco
Cisco Webex Meetings Client for Windows, Webex Meetings Desktop App, and Webex Teams Information Disclosure Vulnerability2020-09-02

💬Community

1
Bugzilla
CVE-2019-16541 jenkins-jira-plugin: plugin information disclosure2020-04-01
CVE-2020-3541 (MEDIUM CVSS 4.4) | A vulnerability in the media engine | cvebase.io