// For flags

CVE-2020-3502

Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities

Severity Score

4.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.

Múltiples vulnerabilidades en la interfaz de usuario de Cisco Webex Meetings Desktop App podrían permitir a un atacante remoto autenticado obtener información restringida de otros usuarios de Webex. Estas vulnerabilidades son debido a una comprobación de entrada inapropiada de los parámetros devueltos a la aplicación desde un sitio web. Un atacante con una cuenta de Webex válida podría explotar estas vulnerabilidades al persuadir a un usuario a seguir una URL diseñada para devolver parámetros de ruta maliciosos al software afectado. Una explotación con éxito podría permitir al atacante obtener información restringida de otros usuarios de Webex.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-12-12 CVE Reserved
  • 2020-08-17 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Webex Meetings
Search vendor "Cisco" for product "Webex Meetings"
< 39.5.24
Search vendor "Cisco" for product "Webex Meetings" and version " < 39.5.24"
-
Affected
Cisco
Search vendor "Cisco"
Webex Meetings
Search vendor "Cisco" for product "Webex Meetings"
>= 40.4.0 < 40.4.6
Search vendor "Cisco" for product "Webex Meetings" and version " >= 40.4.0 < 40.4.6"
-
Affected
Cisco
Search vendor "Cisco"
Webex Meetings
Search vendor "Cisco" for product "Webex Meetings"
>= 40.4.10 < 40.6.0
Search vendor "Cisco" for product "Webex Meetings" and version " >= 40.4.10 < 40.6.0"
-
Affected
Cisco
Search vendor "Cisco"
Webex Meetings
Search vendor "Cisco" for product "Webex Meetings"
39.7.4
Search vendor "Cisco" for product "Webex Meetings" and version "39.7.4"
-
Affected
Cisco
Search vendor "Cisco"
Webex Meetings Server
Search vendor "Cisco" for product "Webex Meetings Server"
3.0
Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0"
-
Affected
Cisco
Search vendor "Cisco"
Webex Meetings Server
Search vendor "Cisco" for product "Webex Meetings Server"
3.0
Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0"
maintenance_release1
Affected
Cisco
Search vendor "Cisco"
Webex Meetings Server
Search vendor "Cisco" for product "Webex Meetings Server"
3.0
Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0"
maintenance_release2
Affected
Cisco
Search vendor "Cisco"
Webex Meetings Server
Search vendor "Cisco" for product "Webex Meetings Server"
3.0
Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0"
maintenance_release3
Affected
Cisco
Search vendor "Cisco"
Webex Meetings Server
Search vendor "Cisco" for product "Webex Meetings Server"
4.0
Search vendor "Cisco" for product "Webex Meetings Server" and version "4.0"
-
Affected
Cisco
Search vendor "Cisco"
Webex Meetings Server
Search vendor "Cisco" for product "Webex Meetings Server"
4.0
Search vendor "Cisco" for product "Webex Meetings Server" and version "4.0"
maintenance_release1
Affected
Cisco
Search vendor "Cisco"
Webex Meetings Server
Search vendor "Cisco" for product "Webex Meetings Server"
4.0
Search vendor "Cisco" for product "Webex Meetings Server" and version "4.0"
maintenance_release2
Affected