Main Vulnerability Database Vulnerabilities #VU45795

#VU45795 Input validation error in Cisco Webex Meetings Desktop App - CVE-2020-3440

Published: August 20, 2020

Vulnerability identifier: #VU45795

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-3440

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Webex Meetings Desktop App

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to overwrite critical files on the system.

The vulnerability exists due to insufficient validation of URL parameters when handling external links within the application. A remote attacker can trick the victim to follow a specially crafted link that ones opened with Cisco Webex Meetings Desktop App for Windows may allows an attacker to overwrite arbitrary files on the system.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-desktop-app-OVSfpVMj

#VU45795 Input validation error in Cisco Webex Meetings Desktop App - CVE-2020-3440

Description

Remediation

External links

Please verify you're human