CVE-2020-3502

CVE Database · CVE-2020-3502

CVE-2020-3502

· MEDIUMModified

CVSS v3.1

4.1

EPSS

1.02%

Published

Aug 17, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (11)

cisco · webex_meetings (up to 39.5.24)vulnerable

cisco · webex_meetings (up to 40.4.6)vulnerable

cisco · webex_meetings (up to 40.6.0)vulnerable

cisco · webex_meetingsvulnerable

cisco · webex_meetings_servervulnerable

· webex_meetings_server

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-g3zevBcp

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-g3zevBcp

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs