Sign-up

ID

VAR-202004-1237


CVE

CVE-2020-3126


TITLE

Cisco Webex Meetings Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004016

DESCRIPTION

vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote attacker could exploit this vulnerability by using the host role to share files within the Multimedia sharing feature and convincing a former room host to view that file. A warning dialog normally appears cautioning users before the file is displayed; however, the former host would not see that warning dialog, and any shared multimedia would be rendered within the user's browser. The attacker could leverage this behavior to conduct additional attacks by including malicious files within a targeted room host's browser window. Cisco Webex Meetings There is an input verification vulnerability in.Information may be tampered with. Cisco Webex Meetings is a set of video conferencing solutions of Cisco (Cisco)

Trust: 1.71

sources: NVD: CVE-2020-3126 // JVNDB: JVNDB-2020-004016 // VULHUB: VHN-181251

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion:t39.3

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-004016 // NVD: CVE-2020-3126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3126
value: LOW

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3126
value: LOW

Trust: 1.0

NVD: JVNDB-2020-004016
value: LOW

Trust: 0.8

CNNVD: CNNVD-202004-629
value: LOW

Trust: 0.6

VULHUB: VHN-181251
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3126
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004016
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181251
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3126
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3126
baseSeverity: LOW
baseScore: 3.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.3
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004016
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181251 // JVNDB: JVNDB-2020-004016 // CNNVD: CNNVD-202004-629 // NVD: CVE-2020-3126 // NVD: CVE-2020-3126

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-284

Trust: 1.0

sources: VULHUB: VHN-181251 // JVNDB: JVNDB-2020-004016 // NVD: CVE-2020-3126

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-629

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202004-629

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004016

PATCH
title:Cisco Webex Meetings Serverurl:https://www.cisco.com/c/en/us/products/conferencing/webex-meetings-server/index.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-004016

EXTERNAL IDS
db:NVDid:CVE-2020-3126
Trust: 2.5
db:JVNDBid:JVNDB-2020-004016
Trust: 0.8
db:CNNVDid:CNNVD-202004-629
Trust: 0.7
db:CNVDid:CNVD-2020-22854
Trust: 0.1
db:VULHUBid:VHN-181251
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181251 // 
            
            
            
            JVNDB: JVNDB-2020-004016 // 
            
            
            
            CNNVD: CNNVD-202004-629 // 
            
            
            
            NVD: CVE-2020-3126

REFERENCES
url:https://quickview.cloudapps.cisco.com/quickview/bug/cscvs24436
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3126
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3126
Trust: 0.8
sources:
            
            
            VULHUB: VHN-181251 // 
            
            
            
            JVNDB: JVNDB-2020-004016 // 
            
            
            
            CNNVD: CNNVD-202004-629 // 
            
            
            
            NVD: CVE-2020-3126

SOURCES
db:VULHUBid:VHN-181251
db:JVNDBid:JVNDB-2020-004016
db:CNNVDid:CNNVD-202004-629
db:NVDid:CVE-2020-3126

LAST UPDATE DATE
2024-11-23T22:25:32.782000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181251date:2020-04-14T00:00:00
db:JVNDBid:JVNDB-2020-004016date:2020-05-01T00:00:00
db:CNNVDid:CNNVD-202004-629date:2020-04-21T00:00:00
db:NVDid:CVE-2020-3126date:2024-11-21T05:30:22.777

SOURCES RELEASE DATE
db:VULHUBid:VHN-181251date:2020-04-13T00:00:00
db:JVNDBid:JVNDB-2020-004016date:2020-05-01T00:00:00
db:CNNVDid:CNNVD-202004-629date:2020-04-13T00:00:00
db:NVDid:CVE-2020-3126date:2020-04-13T17:15:11.093