CVE-2020-3347

EPSS 0.07%
Veröffentlicht 18.06.2020 03:15:13
Zuletzt bearbeitet 21.11.2024 05:30:50
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Webex Meetings SwEditiondesktop SwPlatformwindows Version < 40.4.12

Cisco ≫ Webex Meetings Version40.6.0 Update- SwEditiondesktop SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.187

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
psirt@cisco.com	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-NBmqM9vt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3347

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3347

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3347

EUVD