CVE-2020-3361

Cisco Webex Meetings and Cisco Webex Meetings Server Token Handling Unauthorized Access Vulnerability

Severity Score (CVSS v3.1): 9.8
Public Exploits (Multiple Sources): 0
Exploited in Wild (KEV): -
Decision (SSVC): Track*

Descriptions

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Attack Vector: Network
Attack Complexity: Low
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: Track*
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Total
* Organization's Worst-case Scenario
Timeline
  • 2019-12-12 CVE Reserved
  • 2020-06-18 CVE Published
  • 2024-07-27 EPSS Updated
  • 2024-11-15 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Cisco | Webex Meetings | <= 39.5.25 | - | Affected
Cisco | Webex Meetings | >= 40.1.0 <= 40.4.10 | - | Affected
Cisco | Webex Meetings | 40.6.0 | - | Affected
Cisco | Webex Meetings Server | < 4.0 | - | Affected
Cisco | Webex Meetings Server | 4.0 | - | Affected
Cisco | Webex Meetings Server | 4.0 | maintenance_release1 | Affected
Cisco | Webex Meetings Server | 4.0 | maintenance_release2 | Affected
Cisco | Webex Meetings Server | 4.0 | maintenance_release3 | Affected