CVE-2023-20180Cross-Site Request Forgery in Cisco Webex Meetings

CWE-352Cross-Site Request ForgeryCWE-79Cross-site ScriptingCWE-749Exposed Dangerous Method or Function5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 48.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex MeetingsCisco Webex Meetings
Timeline
PublishedJul 7

Description

A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could incl

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/webex_meetings32 versions+31
CVEListV5cisco/cisco_webex_meetings32 versions+31

🔴Vulnerability Details

3
CVEList
CVE-2023-20180: A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (2023-07-07
GHSA
GHSA-q3fh-c732-57w2: A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (2023-07-07
GHSA
xwiki contains Exposed Dangerous Method or Function2023-03-03

📋Vendor Advisories

1
Cisco
Cisco Webex Meetings Web UI Vulnerabilities2023-07-05
CVE-2023-20180 — Cross-Site Request Forgery in Cisco | cvebase