Main Vulnerability Database SB2020090404

SB2020090404 - Information disclosure in Cisco Webex Meetings Client for Windows, Webex Meetings Desktop App and Webex Teams

Published: September 4, 2020

Security Bulletin ID SB2020090404

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Information disclosure (CVE-ID: CVE-2020-3541)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to unsafe logging of authentication requests by the affected software. A local administrator can read log files that are stored in the application directory and gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-media-znjfwHD6