Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3419

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.

Published

2020-11-18T19:15:12.350

Last Modified

2024-11-21T05:31:00.900

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-913
Type: Primary
CWE-913

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	webex_meetings_server	< 3.0	Yes
Application	cisco	webex_meetings_server	3.0	Yes
Application	cisco	webex_meetings_server	3.0	Yes
Application	cisco	webex_meetings_server	3.0	Yes
Application	cisco	webex_meetings_server	4.0	Yes
Application	cisco	webex_meetings_server	4.0	Yes
Application	cisco	webex_meetings_server	4.0	Yes

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-auth-token-3vg57A5r Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-auth-token-3vg57A5r Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)