Sign-up

ID

VAR-202003-1185


CVE

CVE-2020-3182


TITLE

MacOS for Cisco Webex Meetings Client Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002479

DESCRIPTION

A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the device on which the Webex client is running. The vulnerability exists because sensitive information is included in the mDNS reply. An attacker could exploit this vulnerability by doing an mDNS query for a particular service against an affected device. A successful exploit could allow the attacker to gain access to sensitive information. Cisco Webex Meetings is a set of video conferencing solutions of Cisco (Cisco)

Trust: 1.71

sources: NVD: CVE-2020-3182 // JVNDB: JVNDB-2020-002479 // VULHUB: VHN-181307

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetingsscope:lteversion:40.1.8.5

Trust: 1.0

vendor:ciscomodel:webex meetingsscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetingsscope:eqversion:40.1.8.5

Trust: 0.6

sources: JVNDB: JVNDB-2020-002479 // CNNVD: CNNVD-202003-169 // NVD: CVE-2020-3182

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3182
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3182
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002479
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-169
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181307
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3182
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002479
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181307
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3182
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3182
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002479
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181307 // JVNDB: JVNDB-2020-002479 // CNNVD: CNNVD-202003-169 // NVD: CVE-2020-3182 // NVD: CVE-2020-3182

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-181307 // JVNDB: JVNDB-2020-002479 // NVD: CVE-2020-3182

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202003-169

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202003-169

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002479

PATCH
title:cisco-sa-webex-info-disc-OHqg982url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-info-disc-OHqg982
Trust: 0.8
title:Cisco Webex Meetings Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111106
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002479 // 
            
            
            
            CNNVD: CNNVD-202003-169

EXTERNAL IDS
db:NVDid:CVE-2020-3182
Trust: 2.5
db:JVNDBid:JVNDB-2020-002479
Trust: 0.8
db:CNNVDid:CNNVD-202003-169
Trust: 0.7
db:AUSCERTid:ESB-2020.0810
Trust: 0.6
db:VULHUBid:VHN-181307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181307 // 
            
            
            
            JVNDB: JVNDB-2020-002479 // 
            
            
            
            CNNVD: CNNVD-202003-169 // 
            
            
            
            NVD: CVE-2020-3182

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-info-disc-ohqg982
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3182
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3182
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.0810/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181307 // 
            
            
            
            JVNDB: JVNDB-2020-002479 // 
            
            
            
            CNNVD: CNNVD-202003-169 // 
            
            
            
            NVD: CVE-2020-3182

SOURCES
db:VULHUBid:VHN-181307
db:JVNDBid:JVNDB-2020-002479
db:CNNVDid:CNNVD-202003-169
db:NVDid:CVE-2020-3182

LAST UPDATE DATE
2024-11-23T22:51:28.282000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181307date:2020-05-04T00:00:00
db:JVNDBid:JVNDB-2020-002479date:2020-03-17T00:00:00
db:CNNVDid:CNNVD-202003-169date:2020-03-13T00:00:00
db:NVDid:CVE-2020-3182date:2024-11-21T05:30:29.903

SOURCES RELEASE DATE
db:VULHUBid:VHN-181307date:2020-03-04T00:00:00
db:JVNDBid:JVNDB-2020-002479date:2020-03-17T00:00:00
db:CNNVDid:CNNVD-202003-169date:2020-03-04T00:00:00
db:NVDid:CVE-2020-3182date:2020-03-04T19:15:13.307