Strix
26.1K

CVE-2020-3472

MEDIUMCVSS 5/10EPSS 1.13%

Last modified

CVE-2020-3472 is a medium-severity vulnerability rated 5/10 on the CVSS scale. A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. EPSS estimates a 1.13% chance of exploitation in the next 30 days.

Description

A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses.

Metrics

CVSS 3.1
5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

EPSS Probability
1.13%

62.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoWebex Meetings Online< 40.7.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-3472?
A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses.
How severe is CVE-2020-3472?
CVE-2020-3472 has a CVSS score of 5/10 (MEDIUM severity). The EPSS model estimates a 1.13% probability of exploitation in the next 30 days.
How do I fix CVE-2020-3472?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-3472?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST