CVE-2020-3542

CWE-20Improper Input Validation4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 49.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex TrainingCisco Cisco Webex Meetings
Timeline
PublishedSep 4
Latest updateMay 24

Description

A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An attacker could exploit this vulnerability by sending an API request to the application, which would return a URL that includes a meeting join page that is prepopulated with the meeting username and password. A successful ex

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

NVDcisco/webex_training< 40.7.6

🔴Vulnerability Details

2
GHSA
GHSA-f5m9-r5hc-4gww: A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeti2022-05-24
CVEList
Cisco Webex Training Unauthorized Meeting Join Vulnerability2020-09-04

📋Vendor Advisories

1
Cisco
Cisco Webex Training Unauthorized Meeting Join Vulnerability2020-09-02
CVE-2020-3542 (MEDIUM CVSS 5.3) | A vulnerability in Cisco Webex Trai | cvebase.io