CVE-2020-3502
Last modified
CVE-2020-3502 is a medium-severity vulnerability rated 4.1/10 on the CVSS scale. Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. EPSS estimates a 1.02% chance of exploitation in the next 30 days.
Description
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Webex Meetings | < 39.5.24 |
| Cisco | Webex Meetings | >= 40.4.0, < 40.4.6 |
| Cisco | Webex Meetings | >= 40.4.10, < 40.6.0 |
| Cisco | Webex Meetings | 39.7.4 |
| Cisco | Webex Meetings Server | 3.0 |
| Cisco | Webex Meetings Server | 4.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-3502?
How severe is CVE-2020-3502?
How do I fix CVE-2020-3502?
Are you affected by CVE-2020-3502?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST