Main Vulnerability Database Vulnerabilities #VU34074

Improper access control in Cisco Webex Meetings - CVE-2020-3413

Published: August 5, 2020

Vulnerability identifier: #VU34074

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-3413

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Webex Meetings

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions that allows deletion of meeting templates that belong to other users in organisation. A remote authenticated user can send a specially crafted request and delete templates that belong to other users.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-smtdelete-gJDurOgR
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu45984

Improper access control in Cisco Webex Meetings - CVE-2020-3413

Description

Remediation

External links

Please verify you're human