CVE-2020-3419
Cisco Webex Meetings and Cisco Webex Meetings Server Ghost Join Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.
Una vulnerabilidad en Cisco Webex Meetings y Cisco Webex Meetings Server, podría permitir a un atacante remoto no autenticado unirse a una sesión de Webex sin aparecer en la lista de participantes. Esta vulnerabilidad es debido a un manejo inapropiado de los tokens de autenticación por parte de un sitio de Webex vulnerable. Un atacante podría explotar esta vulnerabilidad mediante el envío peticiones diseñadas a un sitio vulnerable de Cisco Webex Meetings o Cisco Webex Meetings Server. Una explotación con éxito requiere que el atacante tenga acceso para unirse a una reunión de Webex, incluyendo los enlaces aplicables para unirse a una reunión y contraseñas. El atacante podría explotar esta vulnerabilidad para unirse a las reuniones, sin aparecer en la lista de participantes, mientras tiene acceso completo a las capacidades de audio, video, chat y uso compartido de pantalla
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2019-12-12 CVE Reserved
- 2020-11-18 CVE Published
- 2024-09-07 EPSS Updated
- 2024-11-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-913: Improper Control of Dynamically-Managed Code Resources
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | < 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version " < 3.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0" | maintenance_release2 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0" | maintenance_release3 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 4.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "4.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 4.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "4.0" | maintenance_release1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 4.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "4.0" | maintenance_release2 |
Affected
| ||||||