CVE-2020-3588Path Traversal in Cisco Webex Meetings

CWE-22Path Traversal5 documents5 sources
Severity
7.8HIGHNVD
CNA7.3
EPSS
0.0%
top 85.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex MeetingsCisco Webex Meetings Desktop APP
Timeline
PublishedNov 6
Latest updateMay 24

Description

A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sendi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/webex_meetings40.8.040.8.9+1

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

3
GHSA
GHSA-x2h2-w5f2-8vg8: A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary2022-05-24
OSV
bluez vulnerabilities2021-06-16
CVEList
Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability2020-11-06

📋Vendor Advisories

1
Cisco
Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability2020-11-04
CVE-2020-3588 — Path Traversal in Cisco Webex Meetings | cvebase