{ "id": "CVE-2020-3501", "sourceIdentifier": "ykramarz@cisco.com", "published": "2020-08-17T18:15:13.993", "lastModified": "2020-08-19T19:15:45.733", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades en la interfaz de usuario de Cisco Webex Meetings Desktop App podr\u00edan permitir a un atacante remoto autenticado obtener informaci\u00f3n restringida de otros usuarios de Webex. Estas vulnerabilidades son debido a una comprobaci\u00f3n de entrada inapropiada de los par\u00e1metros devueltos a la aplicaci\u00f3n desde un sitio web. Un atacante con una cuenta de Webex v\u00e1lida podr\u00eda explotar estas vulnerabilidades al persuadir a un usuario a seguir una URL dise\u00f1ada para devolver par\u00e1metros de ruta maliciosos al software afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante obtener informaci\u00f3n restringida de otros usuarios de Webex." 
} ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.3, "impactScore": 1.4 } ], "cvssMetricV30": [ { "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.3, "impactScore": 1.4 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.5 }, "baseSeverity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] }, { "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*", "versionEndExcluding": "39.5.24", 
"matchCriteriaId": "5FDF9D9B-D876-4C89-AE65-1F54EF19B2AC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*", "versionStartIncluding": "40.4.0", "versionEndExcluding": "40.4.6", "matchCriteriaId": "A54DDCE9-2907-4833-97BE-197726344481" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*", "versionStartIncluding": "40.4.10", "versionEndExcluding": "40.6.0", "matchCriteriaId": "99F3A597-ABD0-4404-AF49-CEC9650C3FB0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:webex_meetings:39.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A9F521F-5D30-4DE7-A308-D1EC7F17C5FB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*", "matchCriteriaId": "61D1081F-87E8-4E8B-BEBD-0F239E745586" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*", "matchCriteriaId": "8D138973-02B0-4FEC-A646-FF1278DA1EDF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*", "matchCriteriaId": "30B55A5B-8C5E-4ECB-9C85-A8A3A3030850" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*", "matchCriteriaId": "14DBEC10-0641-441C-BE15-8F72C1762DCE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*", "matchCriteriaId": "4D6CF856-093A-4E89-A71D-50A2887C265B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*", "matchCriteriaId": "B36A9043-0621-43CD-BFCD-66529F937859" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*", "matchCriteriaId": "8842B42E-C412-4356-9F54-DFC53B683D3E" } ] } ] } ], "references": [ { "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-g3zevBcp", "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ] } ] }