CVE-2020-3588

CVE Database · CVE-2020-3588

CVE-2020-3588

· HIGHModified

CVSS v3.1

7.3

EPSS

0.39%

Published

Nov 6, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-22CWE-22

Affected Products (2)

cisco · webex_meetings (up to 40.6.9)vulnerable

cisco · webex_meetings (up to 40.8.9)vulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ

PatchVendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs