ID

VAR-202001-1197


CVE

CVE-2020-3142


TITLE

Cisco Webex Meetings Suite and Cisco Webex Meetings Online vulnerable to lack of authentication for important functions

Trust: 0.8

sources: JVNDB: JVNDB-2020-001461

DESCRIPTION

A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required. This vulnerability affects Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites releases earlier than 39.11.5 and 40.1.3.

Trust: 1.71

sources: NVD: CVE-2020-3142 // JVNDB: JVNDB-2020-001461 // VULHUB: VHN-181267

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings online, scope: lt, version: 40.1.3

Trust: 1.0

vendor: cisco, model: webex meetings online, scope: lt, version: 39.11.5

Trust: 1.0

vendor: シスコシステムズ, model: cisco webex meetings online, scope: eq, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco webex meetings online, scope: lt, version: 39.11.5

Trust: 0.8

vendor: シスコシステムズ, model: cisco webex meetings online, scope: lt, version: 40.1.3

Trust: 0.8

vendor: cisco, model: webex meetings online, scope: eq, version: 1.3.42

Trust: 0.6

vendor: cisco, model: webex meetings online, scope: eq, version: 1.3.39

Trust: 0.6

vendor: cisco, model: webex meetings online, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: webex meetings online, scope: eq, version: 1.3.37

Trust: 0.6

vendor: cisco, model: webex meetings online, scope: eq, version: 1.3.38

Trust: 0.6

sources: JVNDB: JVNDB-2020-001461 // CNNVD: CNNVD-202001-1130 // NVD: CVE-2020-3142

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3142
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3142
value: HIGH

Trust: 1.0

NVD: CVE-2020-3142
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202001-1130
value: HIGH

Trust: 0.6

VULHUB: VHN-181267
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3142
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181267
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2020-3142
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3142
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-181267 // JVNDB: JVNDB-2020-001461 // CNNVD: CNNVD-202001-1130 // NVD: CVE-2020-3142 // NVD: CVE-2020-3142

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-284

Trust: 1.0

problemtype: Lack of authentication for critical functions (CWE-306) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181267 // JVNDB: JVNDB-2020-001461 // NVD: CVE-2020-3142

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1130

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202001-1130

PATCH

title: cisco-sa-20200124-webex-unauthjoin, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200124-webex-unauthjoin

Trust: 0.8

title: Cisco Webex Meetings Suite sites and Online sites Enter the fix for the verification error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109408

Trust: 0.6

sources: JVNDB: JVNDB-2020-001461 // CNNVD: CNNVD-202001-1130

EXTERNAL IDS

db: NVD, id: CVE-2020-3142

Trust: 2.5

db: JVNDB, id: JVNDB-2020-001461

Trust: 0.8

db: CNNVD, id: CNNVD-202001-1130

Trust: 0.7

db: AUSCERT, id: ESB-2020.0282

Trust: 0.6

db: VULHUB, id: VHN-181267

Trust: 0.1

sources: VULHUB: VHN-181267 // JVNDB: JVNDB-2020-001461 // CNNVD: CNNVD-202001-1130 // NVD: CVE-2020-3142

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200124-webex-unauthjoin

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-3142

Trust: 1.4

url: https://www.auscert.org.au/bulletins/esb-2020.0282/

Trust: 0.6

sources: VULHUB: VHN-181267 // JVNDB: JVNDB-2020-001461 // CNNVD: CNNVD-202001-1130 // NVD: CVE-2020-3142

SOURCES

db: VULHUB, id: VHN-181267
db: JVNDB, id: JVNDB-2020-001461
db: CNNVD, id: CNNVD-202001-1130
db: NVD, id: CVE-2020-3142

LAST UPDATE DATE

2024-11-23T21:36:13.628000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181267, date: 2020-01-28T00:00:00
db: JVNDB, id: JVNDB-2020-001461, date: 2020-02-10T00:00:00
db: CNNVD, id: CNNVD-202001-1130, date: 2020-03-03T00:00:00
db: NVD, id: CVE-2020-3142, date: 2024-11-21T05:30:24.740

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181267, date: 2020-01-26T00:00:00
db: JVNDB, id: JVNDB-2020-001461, date: 2020-02-10T00:00:00
db: CNNVD, id: CNNVD-202001-1130, date: 2020-01-26T00:00:00
db: NVD, id: CVE-2020-3142, date: 2020-01-26T05:15:17.990