4.4
CVE-2020-3541
- EPSS 0.06%
- Veröffentlicht 04.09.2020 03:15:10
- Zuletzt bearbeitet 21.11.2024 05:31:16
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Webex Meetings SwPlatformwindows Version < 39.5.25
Cisco ≫ Webex Meetings SwEditiondesktop SwPlatformwindows Version < 39.5.25
Cisco ≫ Webex Meetings SwPlatformwindows Version >= 40.6.0 < 40.6.6
Cisco ≫ Webex Meetings SwEditiondesktop SwPlatformwindows Version >= 40.6.0 < 40.6.6
Cisco ≫ Webex Teams SwPlatformwindows Version < 3.0.15711.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.162 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 0.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
| psirt@cisco.com | 4.4 | 0.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.