Sign-up

ID

VAR-202006-1142


CVE

CVE-2020-3347


TITLE

Windows for Cisco Webex Meetings Desktop Information leakage vulnerabilities in applications

Trust: 0.8

sources: JVNDB: JVNDB-2020-006931

DESCRIPTION

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks

Trust: 1.71

sources: NVD: CVE-2020-3347 // JVNDB: JVNDB-2020-006931 // VULHUB: VHN-181472

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetingsscope:ltversion:40.4.12

Trust: 1.0

vendor:ciscomodel:webex meetingsscope:eqversion:40.6.0

Trust: 1.0

vendor:ciscomodel:webex meetingsscope:eqversion:desktop

Trust: 0.8

sources: JVNDB: JVNDB-2020-006931 // NVD: CVE-2020-3347

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3347
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3347
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006931
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-1148
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181472
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3347
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006931
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181472
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3347
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3347
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006931
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181472 // JVNDB: JVNDB-2020-006931 // CNNVD: CNNVD-202006-1148 // NVD: CVE-2020-3347 // NVD: CVE-2020-3347

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-181472 // JVNDB: JVNDB-2020-006931 // NVD: CVE-2020-3347

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1148

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202006-1148

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006931

PATCH
title:cisco-sa-webex-client-NBmqM9vturl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-NBmqM9vt
Trust: 0.8
title:Cisco Webex Meetings Desktop App Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121841
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006931 // 
            
            
            
            CNNVD: CNNVD-202006-1148

EXTERNAL IDS
db:NVDid:CVE-2020-3347
Trust: 2.5
db:JVNDBid:JVNDB-2020-006931
Trust: 0.8
db:CNNVDid:CNNVD-202006-1148
Trust: 0.7
db:AUSCERTid:ESB-2021.1548
Trust: 0.6
db:AUSCERTid:ESB-2020.2116.4
Trust: 0.6
db:AUSCERTid:ESB-2020.2116.3
Trust: 0.6
db:AUSCERTid:ESB-2020.2116
Trust: 0.6
db:AUSCERTid:ESB-2020.2116.2
Trust: 0.6
db:NSFOCUSid:47485
Trust: 0.6
db:CNVDid:CNVD-2020-34290
Trust: 0.1
db:VULHUBid:VHN-181472
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181472 // 
            
            
            
            JVNDB: JVNDB-2020-006931 // 
            
            
            
            CNNVD: CNNVD-202006-1148 // 
            
            
            
            NVD: CVE-2020-3347

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-client-nbmqm9vt
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3347
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3347
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2116.3/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2116.4/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2116/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2116.2/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47485
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2021.1548
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181472 // 
            
            
            
            JVNDB: JVNDB-2020-006931 // 
            
            
            
            CNNVD: CNNVD-202006-1148 // 
            
            
            
            NVD: CVE-2020-3347

CREDITS
Martin Rakhmanov of Trustwave
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202006-1148

SOURCES
db:VULHUBid:VHN-181472
db:JVNDBid:JVNDB-2020-006931
db:CNNVDid:CNNVD-202006-1148
db:NVDid:CVE-2020-3347

LAST UPDATE DATE
2024-11-23T21:35:43.879000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181472date:2021-08-06T00:00:00
db:JVNDBid:JVNDB-2020-006931date:2020-07-22T00:00:00
db:CNNVDid:CNNVD-202006-1148date:2021-05-07T00:00:00
db:NVDid:CVE-2020-3347date:2024-11-21T05:30:50.997

SOURCES RELEASE DATE
db:VULHUBid:VHN-181472date:2020-06-18T00:00:00
db:JVNDBid:JVNDB-2020-006931date:2020-07-22T00:00:00
db:CNNVDid:CNNVD-202006-1148date:2020-06-17T00:00:00
db:NVDid:CVE-2020-3347date:2020-06-18T03:15:13.933