9.8
CVE-2020-3361
- EPSS 1.79%
- Veröffentlicht 18.06.2020 03:15:14
- Zuletzt bearbeitet 21.11.2024 05:30:52
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Webex Meetings Version <= 39.5.25
Cisco ≫ Webex Meetings Version >= 40.1.0 <= 40.4.10
Cisco ≫ Webex Meetings Version40.6.0
Cisco ≫ Webex Meetings Server Version < 4.0
Cisco ≫ Webex Meetings Server Version4.0 Update-
Cisco ≫ Webex Meetings Server Version4.0 Updatemaintenance_release1
Cisco ≫ Webex Meetings Server Version4.0 Updatemaintenance_release2
Cisco ≫ Webex Meetings Server Version4.0 Updatemaintenance_release3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.79% | 0.812 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| psirt@cisco.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.