CVE-2024-20507
published 2024-11-06CVE-2024-20507: A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text…
PriorityP338medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.38%
29.8th percentile
A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.
This vulnerability is due to improper storage of sensitive information within the web-based management interface of an affected device. An attacker could exploit this vulnerability by logging in to the web-based management interface. A successful exploit could allow the attacker to view sensitive data that is stored on the affected device.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | meeting_management | < 3.10.0 | 3.10.0 |
| cisco | meeting_management | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_cisco4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3f53-hv33-hf39: A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in cl
ghsa_unreviewed·2024-11-06
CVE-2024-20507 [MEDIUM] CWE-200 GHSA-3f53-hv33-hf39: A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in cl
A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.
This vulnerability is due to improper storage of sensitive information within the web-based management interface of an affected device. An attacker could exploit this vulnerability by logging in to the web-based management interface. A successful exploit could allow the attacker to view sensitive data that is stored on the affected device.
Cisco
Cisco Meeting Management Information Disclosure Vulnerability
vendor_cisco·2024-11-06·CVSS 4.3
CVE-2024-20507 [MEDIUM] CWE-200 Cisco Meeting Management Information Disclosure Vulnerability
Cisco Meeting Management Information Disclosure Vulnerability
A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.
This vulnerability is due to improper storage of sensitive information within the web-based management interface of an affected device. An attacker could exploit this vulnerability by logging in to the web-based management interface. A successful exploit could allow the attacker to view sensitive data that is stored on the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/sec
Cisco
Cisco Meeting Management Information Disclosure Vulnerability
vendor_cisco·CVSS 3.1
CVE-2024-20507 Cisco Meeting Management Information Disclosure Vulnerability
CVE-2024-20507: Cisco Meeting Management Information Disclosure Vulnerability
A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based management interface of an affected device. An attacker could exploit this vulnerability by logging in to the web-based management interface. A successful exploit could allow the attacker to view sensitive data that is stored on the affected device. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.1
CWE: CWE-200, CWE-200
Bug IDs: CSCwm05372
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-11-06
Published