9.8
CVE-2026-20184
- EPSS 0.07%
- Veröffentlicht 15.04.2026 16:03:59
- Zuletzt bearbeitet 17.04.2026 15:09:46
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Webex Meetings Certificate Validation Vulnerability
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco Webex Meetings
Default Statusunknown
Version
39.7.7
Status
affected
Version
39.9
Status
affected
Version
40.4.10
Status
affected
Version
39.6
Status
affected
Version
40.6.2
Status
affected
Version
39.8.2
Status
affected
Version
39.8.4
Status
affected
Version
40.1
Status
affected
Version
39.11
Status
affected
Version
39.7.4
Status
affected
Version
39.9.1
Status
affected
Version
40.4
Status
affected
Version
40.6
Status
affected
Version
39.7
Status
affected
Version
39.8
Status
affected
Version
39.8.3
Status
affected
Version
40.2
Status
affected
Version
39.10
Status
affected
Version
42.6
Status
affected
Version
42.7
Status
affected
Version
42.8
Status
affected
Version
42.9
Status
affected
Version
42.10
Status
affected
Version
42.11
Status
affected
Version
42.12
Status
affected
Version
43.1
Status
affected
Version
43.2
Status
affected
Version
43.3
Status
affected
Version
43.4
Status
affected
Version
43.4.1
Status
affected
Version
43.4.2
Status
affected
Version
43.5.0
Status
affected
Version
43.6.0
Status
affected
Version
43.6.1
Status
affected
Version
43.7
Status
affected
Version
43.8
Status
affected
Version
43.9
Status
affected
Version
43.10
Status
affected
Version
43.11
Status
affected
Version
43.12
Status
affected
Version
44.1
Status
affected
Version
44.2
Status
affected
Version
44.3
Status
affected
Version
44.4
Status
affected
Version
44.5
Status
affected
Version
44.6
Status
affected
Version
44.7
Status
affected
Version
44.8
Status
affected
Version
44.9
Status
affected
Version
44.10
Status
affected
Version
44.11
Status
affected
Version
44.12
Status
affected
Version
45.1
Status
affected
Version
45.2
Status
affected
Version
45.3
Status
affected
Version
45.4
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.205 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.