ID

VAR-202006-1141


CVE

CVE-2020-3342


TITLE

Certificate validation vulnerability in Cisco Webex Meetings Desktop App for Mac

Trust: 0.8

sources: JVNDB: JVNDB-2020-006930

DESCRIPTION

A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website. The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the user. Cisco Webex Meetings Desktop App for Mac contains a certificate validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Cisco Webex Meetings Desktop App is a video conferencing control application from Cisco used in the desktop environment.

Trust: 1.71

sources: NVD: CVE-2020-3342 // JVNDB: JVNDB-2020-006930 // VULHUB: VHN-181467

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings, scope: lt, version: 39.5.11

Trust: 1.0

vendor: cisco, model: webex meetings, scope: eq, version: desktop

Trust: 0.8

sources: JVNDB: JVNDB-2020-006930 // NVD: CVE-2020-3342

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3342
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3342
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006930
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-1166
value: HIGH

Trust: 0.6

VULHUB: VHN-181467
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3342
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006930
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181467
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3342
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3342
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006930
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181467 // JVNDB: JVNDB-2020-006930 // CNNVD: CNNVD-202006-1166 // NVD: CVE-2020-3342 // NVD: CVE-2020-3342

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.9

sources: VULHUB: VHN-181467 // JVNDB: JVNDB-2020-006930 // NVD: CVE-2020-3342

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1166

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1166

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006930

PATCH

title: cisco-sa-webex-client-mac-X7vp65BL, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-mac-X7vp65BL

Trust: 0.8

title: Cisco Webex Meetings Desktop App Repair measures for trust management problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121859

Trust: 0.6

sources: JVNDB: JVNDB-2020-006930 // CNNVD: CNNVD-202006-1166

EXTERNAL IDS

db: NVD, id: CVE-2020-3342

Trust: 2.5

db: JVNDB, id: JVNDB-2020-006930

Trust: 0.8

db: CNNVD, id: CNNVD-202006-1166

Trust: 0.7

db: AUSCERT, id: ESB-2020.2116.4

Trust: 0.6

db: AUSCERT, id: ESB-2020.2116.3

Trust: 0.6

db: AUSCERT, id: ESB-2020.2116

Trust: 0.6

db: AUSCERT, id: ESB-2020.2116.2

Trust: 0.6

db: CNVD, id: CNVD-2020-34285

Trust: 0.1

db: VULHUB, id: VHN-181467

Trust: 0.1

sources: VULHUB: VHN-181467 // JVNDB: JVNDB-2020-006930 // CNNVD: CNNVD-202006-1166 // NVD: CVE-2020-3342

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-client-mac-x7vp65bl

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3342

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3342

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2116.3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2116.4/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2116/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2116.2/

Trust: 0.6

sources: VULHUB: VHN-181467 // JVNDB: JVNDB-2020-006930 // CNNVD: CNNVD-202006-1166 // NVD: CVE-2020-3342

SOURCES

db: VULHUB, id: VHN-181467
db: JVNDB, id: JVNDB-2020-006930
db: CNNVD, id: CNNVD-202006-1166
db: NVD, id: CVE-2020-3342

LAST UPDATE DATE

2024-11-23T21:35:43.904000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181467, date: 2020-06-24T00:00:00
db: JVNDB, id: JVNDB-2020-006930, date: 2020-07-22T00:00:00
db: CNNVD, id: CNNVD-202006-1166, date: 2020-08-13T00:00:00
db: NVD, id: CVE-2020-3342, date: 2024-11-21T05:30:50.390

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181467, date: 2020-06-18T00:00:00
db: JVNDB, id: JVNDB-2020-006930, date: 2020-07-22T00:00:00
db: CNNVD, id: CNNVD-202006-1166, date: 2020-06-17T00:00:00
db: NVD, id: CVE-2020-3342, date: 2020-06-18T03:15:13.840