Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-3142 |
CWE-ID | CWE-284 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Cisco Webex Meetings Suite (Client/Desktop applications / Other client software), Cisco Webex Meetings Online (Server applications / Conferencing, Collaboration and VoIP solutions) |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU24661
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3142
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to unintended meeting information exposure in a specific meeting join flow for mobile applications. A remote attacker can join the password-protected meeting without providing the meeting password.
This vulnerability can be exploited by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Cisco Webex Meetings Suite: before 40.1.3
Cisco Webex Meetings Online: before 40.1.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.