CVE-2020-3441
Last modified
CVE-2020-3441 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. EPSS estimates a 1.55% chance of exploitation in the next 30 days.
Description
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Cisco | Webex Meetings | <= 40.6.11 | — |
| Cisco | Webex Meetings | <= 40.11.3 | — |
| Cisco | Webex Meetings Server | < 3.0 | — |
| Cisco | Webex Meetings Server | 3.0 | Maintenance Release2 |
| Cisco | Webex Meetings Server | 4.0 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-3441?
How severe is CVE-2020-3441?
How do I fix CVE-2020-3441?
Are you affected by CVE-2020-3441?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST