Improper access control in Cisco Webex Meetings - CVE-2020-3413

 

Improper access control in Cisco Webex Meetings - CVE-2020-3413

Published: August 5, 2020


Vulnerability identifier: #VU34074
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3413
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Webex Meetings

Detailed vulnerability description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions that allows deletion of meeting templates that belong to other users in organisation. A remote authenticated user can send a specially crafted request and delete templates that belong to other users.


How to mitigate CVE-2020-3413

Install updates from vendor's website.

Sources