Main Vulnerability Database Vulnerabilities #VU46278

#VU46278 Information disclosure in Cisco Systems, Inc products - CVE-2020-3541

Published: September 4, 2020

Vulnerability identifier: #VU46278

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-3541

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Webex Meetings Client for Windows
Cisco Webex Teams
Cisco Webex Meetings Desktop App

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to unsafe logging of authentication requests by the affected software. A local administrator can read log files that are stored in the application directory and gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-media-znjfwHD6