CVE-2020-3502
Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.
Múltiples vulnerabilidades en la interfaz de usuario de Cisco Webex Meetings Desktop App podrían permitir a un atacante remoto autenticado obtener información restringida de otros usuarios de Webex. Estas vulnerabilidades son debido a una comprobación de entrada inapropiada de los parámetros devueltos a la aplicación desde un sitio web. Un atacante con una cuenta de Webex válida podría explotar estas vulnerabilidades al persuadir a un usuario a seguir una URL diseñada para devolver parámetros de ruta maliciosos al software afectado. Una explotación con éxito podría permitir al atacante obtener información restringida de otros usuarios de Webex.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2019-12-12 CVE Reserved
- 2020-08-17 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Webex Meetings Search vendor "Cisco" for product "Webex Meetings" | < 39.5.24 Search vendor "Cisco" for product "Webex Meetings" and version " < 39.5.24" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Webex Meetings Search vendor "Cisco" for product "Webex Meetings" | >= 40.4.0 < 40.4.6 Search vendor "Cisco" for product "Webex Meetings" and version " >= 40.4.0 < 40.4.6" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Webex Meetings Search vendor "Cisco" for product "Webex Meetings" | >= 40.4.10 < 40.6.0 Search vendor "Cisco" for product "Webex Meetings" and version " >= 40.4.10 < 40.6.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Webex Meetings Search vendor "Cisco" for product "Webex Meetings" | 39.7.4 Search vendor "Cisco" for product "Webex Meetings" and version "39.7.4" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0" | maintenance_release1 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0" | maintenance_release2 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0" | maintenance_release3 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 4.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "4.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 4.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "4.0" | maintenance_release1 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 4.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "4.0" | maintenance_release2 |
Affected
|