ID

VAR-202006-1155


CVE

CVE-2020-3361


TITLE

Cisco Webex Meetings and Webex Meetings Server Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006924

DESCRIPTION

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site. The affected system may also be put into a denial-of-service (DoS) state. Cisco WebEx Meetings Server is a multi-functional conferencing solution in the WebEx conference product line that includes audio, video and Web conferencing. Cisco Webex Meetings is a set of video conferencing solutions.

Trust: 1.71

sources: NVD: CVE-2020-3361 // JVNDB: JVNDB-2020-006924 // VULHUB: VHN-181486

AFFECTED PRODUCTS

vendor: cisco // model: webex meetings // scope: eq // version: 40.6.0

Trust: 1.0

vendor: cisco // model: webex meetings // scope: lte // version: 39.5.25

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: lt // version: 4.0

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 4.0

Trust: 1.0

vendor: cisco // model: webex meetings // scope: lte // version: 40.4.10

Trust: 1.0

vendor: cisco // model: webex meetings // scope: gte // version: 40.1.0

Trust: 1.0

vendor: cisco // model: webex meetings // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex meetings server // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006924 // NVD: CVE-2020-3361

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3361
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3361
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006924
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202006-1171
value: CRITICAL

Trust: 0.6

VULHUB: VHN-181486
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3361
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006924
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181486
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3361
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3361
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006924
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181486 // JVNDB: JVNDB-2020-006924 // CNNVD: CNNVD-202006-1171 // NVD: CVE-2020-3361 // NVD: CVE-2020-3361

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-181486 // JVNDB: JVNDB-2020-006924 // NVD: CVE-2020-3361

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1171

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202006-1171

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006924

PATCH

title: cisco-sa-webex-token-zPvEjKN // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-token-zPvEjKN

Trust: 0.8

title: Cisco Webex Meetings and WebEx Meetings Server Remediation measures for authorization problem vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122552

Trust: 0.6

sources: JVNDB: JVNDB-2020-006924 // CNNVD: CNNVD-202006-1171

EXTERNAL IDS

db: NVD // id: CVE-2020-3361

Trust: 2.5

db: JVNDB // id: JVNDB-2020-006924

Trust: 0.8

db: CNNVD // id: CNNVD-202006-1171

Trust: 0.7

db: AUSCERT // id: ESB-2020.2118

Trust: 0.6

db: NSFOCUS // id: 47185

Trust: 0.6

db: CNVD // id: CNVD-2020-35158

Trust: 0.1

db: VULHUB // id: VHN-181486

Trust: 0.1

sources: VULHUB: VHN-181486 // JVNDB: JVNDB-2020-006924 // CNNVD: CNNVD-202006-1171 // NVD: CVE-2020-3361

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-token-zpvejkn

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3361

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3361

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2118/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47185

Trust: 0.6

sources: VULHUB: VHN-181486 // JVNDB: JVNDB-2020-006924 // CNNVD: CNNVD-202006-1171 // NVD: CVE-2020-3361

SOURCES

db: VULHUB // id: VHN-181486
db: JVNDB // id: JVNDB-2020-006924
db: CNNVD // id: CNNVD-202006-1171
db: NVD // id: CVE-2020-3361

LAST UPDATE DATE

2024-11-23T23:11:24.480000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-181486 // date: 2020-06-24T00:00:00
db: JVNDB // id: JVNDB-2020-006924 // date: 2020-07-22T00:00:00
db: CNNVD // id: CNNVD-202006-1171 // date: 2020-07-20T00:00:00
db: NVD // id: CVE-2020-3361 // date: 2024-11-21T05:30:52.717

SOURCES RELEASE DATE

db: VULHUB // id: VHN-181486 // date: 2020-06-18T00:00:00
db: JVNDB // id: JVNDB-2020-006924 // date: 2020-07-22T00:00:00
db: CNNVD // id: CNNVD-202006-1171 // date: 2020-06-17T00:00:00
db: NVD // id: CVE-2020-3361 // date: 2020-06-18T03:15:14.497