Improper Control of Dynamically-Managed Code Resources in Cisco WebEx Meetings Server and Cisco Webex Meetings - CVE-2020-3419

 


Published: November 18, 2020 / Updated: November 19, 2020


Vulnerability identifier: #VU48560
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-3419
CWE-ID: CWE-913
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco WebEx Meetings Server
Cisco Webex Meetings

Detailed vulnerability description

The vulnerability allows a remote attacker to join a Webex session without appearing on the participant list.

The vulnerability exists due to improper handling of authentication tokens by a vulnerable Webex site. A remote attacker can send specially crafted requests and join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.


How to mitigate CVE-2020-3419

Install updates from the vendor's website.
