2025-09-29 21:09:30 +02:00
### [CVE-2024-20395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20395)
![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Webex%20Teams&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.0.13464.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.13538.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.13588.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.14154.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.14234.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.14375.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.14741.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.14866.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.15015.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.15036.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.15092.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.15131.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.15164.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.15221.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.15333.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.15410.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.15485.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.15645.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.15711.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.16040.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.16269.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.16273.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.16285.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.1.57%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.1.92%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.10%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.10.343%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.11.211%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.12%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.12.236%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.13%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.13.200%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.14%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.15%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.16%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.17%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.18%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.19%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.2.42%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.2.75%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.20%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.5%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.5.224%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.6%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.6.197%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.7.78%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.8%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.8.170%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.9%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.9.205%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.9.252%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.9.269%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.1.0.169%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.1.0.21190%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.1.0.2219%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.10%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.10.0.23814%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.10.0.24000%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.11%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.11.0.24187%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.12%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.12.0.24485%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.2.0.21338%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.2.0.21486%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.3.0.21576%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.4.1.22032%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.5.0.22259%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.6%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.6.0.22565%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.6.0.22645%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.7%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.7.0.22904%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.7.0.23054%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.8%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.8.0.23214%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.8.0.23281%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.9%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=42.9.0.23494%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=43.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=43.1.0.24716%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=43.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=43.2.0.25157%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=43.2.0.25211%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=43.3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=43.3.0.25468%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=43.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=43.4.0.25788%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Unprotected%20Transport%20of%20Credentials&color=brightgreen)
### Description
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds