Multiple vulnerabilities in Cisco Webex Meetings and Cisco Webex Meetings Server



Published: 2020-11-19
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2020-3441
CVE-2020-3471
CVE-2020-3419
CWE ID CWE-200
CWE-913
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Cisco Webex Meetings
Server applications / Conferencing, Collaboration and VoIP solutions

Cisco WebEx Meetings Server
Server applications / Conferencing, Collaboration and VoIP solutions

Vendor Cisco Systems, Inc

Security Advisory

1) Information disclosure

Risk: Medium

CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3441

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to insufficient protection of sensitive participant information. A remote attacker can browse the Webex roster to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Webex Meetings: 40.6.0

Cisco WebEx Meetings Server: 3.0MR3 Patch 4, before 3.0MR3 Patch 5, 4.0MR3 Patch 4

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-infodisc-4tvQzn4

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

Risk: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3471

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a synchronization issue between meeting and media services on a vulnerable Webex site. A remote attacker can send specially crafted requests to maintain the audio connection of a Webex session despite being expelled.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco WebEx Meetings Server: 3.0MR3 Patch 4, 4.0MR3 Patch 3, before 3.0MR3 Patch 5, 4.0MR3 Patch 4

Cisco Webex Meetings: 39.5.25, 40.6.10, 40.9.5

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-info-leak-PhpzB3sG

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Control of Dynamically-Managed Code Resources

Risk: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3419

CWE-ID: CWE-913 - Improper Control of Dynamically-Managed Code Resources

Exploit availability: No

Description

The vulnerability allows a remote attacker to join a Webex session without appearing on the participant list.

The vulnerability exists due to improper handling of authentication tokens by a vulnerable Webex site. A remote attacker can send specially crafted requests and join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco WebEx Meetings Server: 3.0MR3 Patch 4, 4.0MR3 Patch 3, before 3.0MR3 Patch 5, 4.0MR3 Patch 4

Cisco Webex Meetings: 40.10.9

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-auth-token-3vg57A5r

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.