ID

VAR-202006-1111


CVE

CVE-2020-3263


TITLE

Cisco Webex Meetings Desktop Input validation vulnerabilities in applications

Trust: 0.8

sources: JVNDB: JVNDB-2020-006868

DESCRIPTION

A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system. Cisco Webex Meetings Desktop The application contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.8

sources: NVD: CVE-2020-3263 // JVNDB: JVNDB-2020-006868 // VULHUB: VHN-181388 // VULMON: CVE-2020-3263

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetingsscope:ltversion:39.5.12

Trust: 1.0

vendor:ciscomodel:webex meetings desktopscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006868 // NVD: CVE-2020-3263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3263
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3263
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006868
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-1170
value: HIGH

Trust: 0.6

VULHUB: VHN-181388
value: HIGH

Trust: 0.1

VULMON: CVE-2020-3263
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3263
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006868
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181388
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3263
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3263
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006868
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181388 // VULMON: CVE-2020-3263 // JVNDB: JVNDB-2020-006868 // CNNVD: CNNVD-202006-1170 // NVD: CVE-2020-3263 // NVD: CVE-2020-3263

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181388 // JVNDB: JVNDB-2020-006868 // NVD: CVE-2020-3263

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1170

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1170

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:cisco:webex_meetings_desktop"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2020-006868

PATCH

title:cisco-sa-webex-client-url-fcmpdfVYurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-url-fcmpdfVY

Trust: 0.8

title:Cisco Webex Meetings Desktop App Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121863

Trust: 0.6

title:Cisco: Cisco Webex Meetings Desktop App URL Filtering Arbitrary Program Execution Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-client-url-fcmpdfVY

Trust: 0.1

title:CVE-2020-3263url:https://github.com/AlAIAL90/CVE-2020-3263

Trust: 0.1

title:Threatposturl:https://threatpost.com/cisco-webex-router-code-execution/156706/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/cisco-fixes-severe-flaws-in-webex-meetings-for-windows-macos/

Trust: 0.1

sources: VULMON: CVE-2020-3263 // JVNDB: JVNDB-2020-006868 // CNNVD: CNNVD-202006-1170

EXTERNAL IDS

db:NVDid:CVE-2020-3263

Trust: 2.6

db:JVNDBid:JVNDB-2020-006868

Trust: 0.8

db:CNNVDid:CNNVD-202006-1170

Trust: 0.7

db:AUSCERTid:ESB-2020.2116.4

Trust: 0.6

db:AUSCERTid:ESB-2020.2116.3

Trust: 0.6

db:AUSCERTid:ESB-2020.2116

Trust: 0.6

db:AUSCERTid:ESB-2020.2116.2

Trust: 0.6

db:NSFOCUSid:47184

Trust: 0.6

db:CNVDid:CNVD-2020-34287

Trust: 0.1

db:VULHUBid:VHN-181388

Trust: 0.1

db:VULMONid:CVE-2020-3263

Trust: 0.1

sources: VULHUB: VHN-181388 // VULMON: CVE-2020-3263 // JVNDB: JVNDB-2020-006868 // CNNVD: CNNVD-202006-1170 // NVD: CVE-2020-3263

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-client-url-fcmpdfvy

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-3263

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3263

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2116.3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2116.4/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2116/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2116.2/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47184

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://github.com/alaial90/cve-2020-3263

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco-webex-router-code-execution/156706/

Trust: 0.1

sources: VULHUB: VHN-181388 // VULMON: CVE-2020-3263 // JVNDB: JVNDB-2020-006868 // CNNVD: CNNVD-202006-1170 // NVD: CVE-2020-3263

SOURCES

db:VULHUBid:VHN-181388
db:VULMONid:CVE-2020-3263
db:JVNDBid:JVNDB-2020-006868
db:CNNVDid:CNNVD-202006-1170
db:NVDid:CVE-2020-3263

LAST UPDATE DATE

2024-11-23T21:35:43.930000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181388date:2021-09-17T00:00:00
db:VULMONid:CVE-2020-3263date:2021-09-17T00:00:00
db:JVNDBid:JVNDB-2020-006868date:2020-07-22T00:00:00
db:CNNVDid:CNNVD-202006-1170date:2020-08-13T00:00:00
db:NVDid:CVE-2020-3263date:2024-11-21T05:30:41.030

SOURCES RELEASE DATE

db:VULHUBid:VHN-181388date:2020-06-18T00:00:00
db:VULMONid:CVE-2020-3263date:2020-06-18T00:00:00
db:JVNDBid:JVNDB-2020-006868date:2020-07-22T00:00:00
db:CNNVDid:CNNVD-202006-1170date:2020-06-17T00:00:00
db:NVDid:CVE-2020-3263date:2020-06-18T03:15:11.853