CVE-2024-20395

Severity: 7.3 HIGH
EPSS: 0.2% (top 57.13%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jul 17

Description

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic i

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Exploitability: 1.2 | Impact: 5.2

Affected Packages (2 packages)

NVD: cisco/webex_teams (94 versions)
CVEListV5: cisco/cisco_webex_teams (94 versions)

🔴 Vulnerability Details (2)

GHSA, 2024-07-17
GHSA-28jg-69qr-j99g: A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive

CVEList, 2024-07-17
CVE-2024-20395: A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive

📋 Vendor Advisories (1)

Cisco, 2024-07-17: Cisco Webex App Vulnerabilities