7.3

CVE-2024-20395

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.

 This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Data is provided by the National Vulnerability Database (NVD)
CiscoWebex Teams Version3.0.13464.0 SwPlatform-
CiscoWebex Teams Version3.0.13538.0 SwPlatform-
CiscoWebex Teams Version3.0.13588.0 SwPlatform-
CiscoWebex Teams Version3.0.14154.0 SwPlatform-
CiscoWebex Teams Version3.0.14234.0 SwPlatform-
CiscoWebex Teams Version3.0.14375.0 SwPlatform-
CiscoWebex Teams Version3.0.14741.0 SwPlatform-
CiscoWebex Teams Version3.0.14866.0 SwPlatform-
CiscoWebex Teams Version3.0.15015.0 SwPlatform-
CiscoWebex Teams Version3.0.15036.0 SwPlatform-
CiscoWebex Teams Version3.0.15092.0 SwPlatform-
CiscoWebex Teams Version3.0.15131.0 SwPlatform-
CiscoWebex Teams Version3.0.15164.0 SwPlatform-
CiscoWebex Teams Version3.0.15221.0 SwPlatform-
CiscoWebex Teams Version3.0.15333.0 SwPlatform-
CiscoWebex Teams Version3.0.15410.0 SwPlatform-
CiscoWebex Teams Version3.0.15485.0 SwPlatform-
CiscoWebex Teams Version3.0.15645.0 SwPlatform-
CiscoWebex Teams Version3.0.15711.0 SwPlatform-
CiscoWebex Teams Version3.0.16040.0 SwPlatform-
CiscoWebex Teams Version3.0.16269.0 SwPlatform-
CiscoWebex Teams Version3.0.16273.0 SwPlatform-
CiscoWebex Teams Version3.0.16285.0 SwPlatform-
CiscoWebex Teams Version4.0 SwPlatform-
CiscoWebex Teams Version4.1 SwPlatform-
CiscoWebex Teams Version4.1.57 SwPlatform-
CiscoWebex Teams Version4.1.92 SwPlatform-
CiscoWebex Teams Version4.2 SwPlatform-
CiscoWebex Teams Version4.2.42 SwPlatform-
CiscoWebex Teams Version4.2.75 SwPlatform-
CiscoWebex Teams Version4.3 SwPlatform-
CiscoWebex Teams Version4.4 SwPlatform-
CiscoWebex Teams Version4.5 SwPlatform-
CiscoWebex Teams Version4.5.224 SwPlatform-
CiscoWebex Teams Version4.6 SwPlatform-
CiscoWebex Teams Version4.6.197 SwPlatform-
CiscoWebex Teams Version4.7.78 SwPlatform-
CiscoWebex Teams Version4.8 SwPlatform-
CiscoWebex Teams Version4.8.170 SwPlatform-
CiscoWebex Teams Version4.9 SwPlatform-
CiscoWebex Teams Version4.9.205 SwPlatform-
CiscoWebex Teams Version4.9.252 SwPlatform-
CiscoWebex Teams Version4.9.269 SwPlatform-
CiscoWebex Teams Version4.10 SwPlatform-
CiscoWebex Teams Version4.10.343 SwPlatform-
CiscoWebex Teams Version4.11.211 SwPlatform-
CiscoWebex Teams Version4.12 SwPlatform-
CiscoWebex Teams Version4.12.236 SwPlatform-
CiscoWebex Teams Version4.13 SwPlatform-
CiscoWebex Teams Version4.13.200 SwPlatform-
CiscoWebex Teams Version4.14 SwPlatform-
CiscoWebex Teams Version4.15 SwPlatform-
CiscoWebex Teams Version4.16 SwPlatform-
CiscoWebex Teams Version4.17 SwPlatform-
CiscoWebex Teams Version4.18 SwPlatform-
CiscoWebex Teams Version4.19 SwPlatform-
CiscoWebex Teams Version4.20 SwPlatform-
CiscoWebex Teams Version42.1.0.169 SwPlatform-
CiscoWebex Teams Version42.1.0.2219 SwPlatform-
CiscoWebex Teams Version42.1.0.21190 SwPlatform-
CiscoWebex Teams Version42.2 SwPlatform-
CiscoWebex Teams Version42.2.0.21338 SwPlatform-
CiscoWebex Teams Version42.2.0.21486 SwPlatform-
CiscoWebex Teams Version42.3 SwPlatform-
CiscoWebex Teams Version42.3.0.21576 SwPlatform-
CiscoWebex Teams Version42.4.1.22032 SwPlatform-
CiscoWebex Teams Version42.5.0.22259 SwPlatform-
CiscoWebex Teams Version42.6 SwPlatform-
CiscoWebex Teams Version42.6.0.22565 SwPlatform-
CiscoWebex Teams Version42.6.0.22645 SwPlatform-
CiscoWebex Teams Version42.7 SwPlatform-
CiscoWebex Teams Version42.7.0.22904 SwPlatform-
CiscoWebex Teams Version42.7.0.23054 SwPlatform-
CiscoWebex Teams Version42.8 SwPlatform-
CiscoWebex Teams Version42.8.0.23214 SwPlatform-
CiscoWebex Teams Version42.8.0.23281 SwPlatform-
CiscoWebex Teams Version42.9 SwPlatform-
CiscoWebex Teams Version42.9.0.23494 SwPlatform-
CiscoWebex Teams Version42.10 SwPlatform-
CiscoWebex Teams Version42.10.0.23814 SwPlatform-
CiscoWebex Teams Version42.10.0.24000 SwPlatform-
CiscoWebex Teams Version42.11 SwPlatform-
CiscoWebex Teams Version42.11.0.24187 SwPlatform-
CiscoWebex Teams Version42.12 SwPlatform-
CiscoWebex Teams Version42.12.0.24485 SwPlatform-
CiscoWebex Teams Version43.1 SwPlatform-
CiscoWebex Teams Version43.1.0.24716 SwPlatform-
CiscoWebex Teams Version43.2 SwPlatform-
CiscoWebex Teams Version43.2.0.25157 SwPlatform-
CiscoWebex Teams Version43.2.0.25211 SwPlatform-
CiscoWebex Teams Version43.3 SwPlatform-
CiscoWebex Teams Version43.3.0.25468 SwPlatform-
CiscoWebex Teams Version43.4 SwPlatform-
CiscoWebex Teams Version43.4.0.25788 SwPlatform-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.15% 0.364
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.3 2.1 5.2
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
psirt@cisco.com 6.4 1.2 5.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CWE-523 Unprotected Transport of Credentials

Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.