// For flags

CVE-2020-3263

Cisco Webex Meetings Desktop App URL Filtering Arbitrary Program Execution Vulnerability

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system.

Una vulnerabilidad en Cisco Webex Meetings Desktop App, podría permitir a un atacante remoto no autenticado ejecutar programas en un sistema de usuario final afectado. La vulnerabilidad es debido a una comprobación inapropiada de la entrada que es suministrada a las URL de la aplicación. El atacante podría explotar esta vulnerabilidad al persuadir a un usuario para que siga una URL maliciosa. Una explotación con éxito podría permitir a un atacante causar que la aplicación ejecute otros programas que ya están presentes en el sistema del usuario final. Si son plantados archivos maliciosos en el sistema o en una ruta de acceso hacia archivos de red accesible, un atacante podría ejecutar código arbitrario en el sistema afectado

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-12-12 CVE Reserved
  • 2020-06-18 CVE Published
  • 2024-03-04 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Webex Meetings
Search vendor "Cisco" for product "Webex Meetings"
< 39.5.12
Search vendor "Cisco" for product "Webex Meetings" and version " < 39.5.12"
desktop
Affected