9.8
CVE-2020-3361
- EPSS 1.79%
- Published 18.06.2020 03:15:14
- Last modified 21.11.2024 05:30:52
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Webex Meetings Version <= 39.5.25
Cisco ≫ Webex Meetings Version >= 40.1.0 <= 40.4.10
Cisco ≫ Webex Meetings Version40.6.0
Cisco ≫ Webex Meetings Server Version < 4.0
Cisco ≫ Webex Meetings Server Version4.0 Update-
Cisco ≫ Webex Meetings Server Version4.0 Updatemaintenance_release1
Cisco ≫ Webex Meetings Server Version4.0 Updatemaintenance_release2
Cisco ≫ Webex Meetings Server Version4.0 Updatemaintenance_release3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.79% | 0.812 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| psirt@cisco.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.