CVE-2024-20396Sensitive Information Exposure in Cisco Webex Teams

CWE-200Sensitive Information ExposureCWE-523Unprotected Transport of Credentials4 documents4 sources
Severity
6.5MEDIUMNVD
CNA5.3
EPSS
0.9%
top 24.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex TeamsCisco Webex Teams
Timeline
PublishedJul 17

Description

A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/webex_teams44 versions+43
CVEListV5cisco/cisco_webex_teams44 versions+43

🔴Vulnerability Details

2
GHSA
GHSA-67ww-939x-f5pp: A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information2024-07-17
CVEList
CVE-2024-20396: A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information2024-07-17

📋Vendor Advisories

1
Cisco
Cisco Webex App Vulnerabilities2024-07-17
CVE-2024-20396 — Sensitive Information Exposure | cvebase