CVE-2023-20180

Опубликовано: 07 июл. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:webex_meetings:39.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.7:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.7.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.7.7:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.8:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.8.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.8.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.8.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.9:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.9.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.10:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.11:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:40.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:40.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:40.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:40.4.10:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:40.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:40.6.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:42.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:42.7:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:42.8:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:42.9:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:42.10:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:42.11:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:42.12:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:43.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:43.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:43.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:43.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:43.4.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:43.4.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:43.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00226

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-q3fh-c732-57w2

CVSS3: 4.3

github

больше 2 лет назад

A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions.

BDU:2023-03758

CVSS3: 4.3

fstec

больше 2 лет назад

Уязвимость веб-интерфейса программного обеспечения для веб-конференцсвязи Cisco Webex Meetings, позволяющая нарушителю реализовать CSRF-атаку

EPSS

Процентиль: 45%

0.00226

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352