CVE-2024-20396

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information.
This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests.

Una vulnerabilidad en los controladores de protocolo de la aplicación Cisco Webex podría permitir que un atacante remoto no autenticado obtenga acceso a información confidencial. Esta vulnerabilidad existe porque la aplicación afectada no maneja de forma segura los controladores de protocolo de archivos. Un atacante podría aprovechar esta vulnerabilidad persuadiendo a un usuario para que siga un vínculo manipulado para hacer que la aplicación envíe solicitudes. Si el atacante puede observar el tráfico transmitido en una posición privilegiada de la red, una explotación exitosa podría permitirle capturar información confidencial, incluida información de credenciales, de las solicitudes.

*Credits: N/A

CVSS Scores

Ciscov3.1 5.3

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-11-08 CVE Reserved
2024-07-17 CVE Published
2024-07-18 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (1)

URL	Tag	Source
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.13464.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.13464.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.13538.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.13538.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.13588.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.13588.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.14154.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.14154.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.14234.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.14234.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.14375.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.14375.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.14741.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.14741.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.14866.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.14866.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.15015.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.15015.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.15036.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.15036.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.15092.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.15092.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.15131.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.15131.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.15164.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.15164.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.15221.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.15221.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.15333.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.15333.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.15410.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.15410.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.15485.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.15485.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.15645.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.15645.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.15711.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.15711.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.16040.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.16040.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.16269.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.16269.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.16273.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.16273.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				3.0.16285.0 Search vendor "Cisco" for product "Cisco Webex Teams" and version "3.0.16285.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.1.0.21190 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.1.0.21190"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.10.0.23814 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.10.0.23814"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.11.0.24187 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.11.0.24187"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.12.0.24485 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.12.0.24485"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.2.0.21338 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.2.0.21338"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.2.0.21486 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.2.0.21486"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.3.0.21576 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.3.0.21576"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.4.1.22032 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.4.1.22032"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.5.0.22259 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.5.0.22259"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.6.0.22565 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.6.0.22565"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.6.0.22645 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.6.0.22645"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.7.0.22904 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.7.0.22904"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.7.0.23054 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.7.0.23054"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.8.0.23214 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.8.0.23214"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.8.0.23281 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.8.0.23281"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				42.9.0.23494 Search vendor "Cisco" for product "Cisco Webex Teams" and version "42.9.0.23494"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				43.1.0.24716 Search vendor "Cisco" for product "Cisco Webex Teams" and version "43.1.0.24716"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				43.2.0.25157 Search vendor "Cisco" for product "Cisco Webex Teams" and version "43.2.0.25157"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				43.2.0.25211 Search vendor "Cisco" for product "Cisco Webex Teams" and version "43.2.0.25211"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				43.3.0.25468 Search vendor "Cisco" for product "Cisco Webex Teams" and version "43.3.0.25468"		en		Affected
Cisco Search vendor "Cisco"		Cisco Webex Teams Search vendor "Cisco" for product "Cisco Webex Teams"				43.4.0.25788 Search vendor "Cisco" for product "Cisco Webex Teams" and version "43.4.0.25788"		en		Affected