Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-3142

Опубликовано: 26 янв. 2020
Источник: nvd
CVSS3: 7.5
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required. This vulnerability affects Cisco Webex Me

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:cisco:webex_meetings_online:*:*:*:*:*:*:*:*
Версия до 39.11.5 (исключая)
Конфигурация 2
cpe:2.3:a:cisco:webex_meetings_online:*:*:*:*:*:*:*:*
Версия до 40.1.3 (исключая)

EPSS

Процентиль: 65%
0.00496
Низкий

7.5 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284
CWE-306

Связанные уязвимости

github логотип

GHSA-58r3-xwfg-7j3x

github
больше 3 лет назад

[CVE-2020-3142_su] A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required.

fstec логотип

BDU:2020-00983

CVSS3: 7.5
fstec
около 6 лет назад

Уязвимость программного обеспечения для веб-конференцсвязи Cisco Webex Meetings, связанная с недостатками контроля доступа, позволяющая нарушителю присоединиться к совещанию, защищенному паролем

EPSS

Процентиль: 65%
0.00496
Низкий

7.5 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284
CWE-306