CVE-2020-3182

Cisco Webex Meetings Client for MacOS Information Disclosure Vulnerability

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the device on which the Webex client is running. The vulnerability exists because sensitive information is included in the mDNS reply. An attacker could exploit this vulnerability by doing an mDNS query for a particular service against an affected device. A successful exploit could allow the attacker to gain access to sensitive information.

Una vulnerabilidad en la configuración del protocolo DNS multidifusión (mDNS) de Cisco Webex Meetings Client para MacOS, podría permitir a un atacante adyacente no autenticado obtener información confidencial sobre el dispositivo en el que se ejecuta el cliente Webex. La vulnerabilidad se presenta porque la información confidencial se incluye en la respuesta en mDNS. Un atacante podría explotar esta vulnerabilidad al hacer una consulta en mDNS para un servicio en particular contra un dispositivo afectado. Una explotación con éxito podría permitir al atacante conseguir acceso a información confidencial.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-12-12 CVE Reserved
2020-03-04 CVE Published
2023-03-08 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-info-disc-OHqg982	2020-05-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Webex Meetings Search vendor "Cisco" for product "Webex Meetings"				<= 40.1.8.5 Search vendor "Cisco" for product "Webex Meetings" and version " <= 40.1.8.5"		macos		Affected