Sign-up

ID

VAR-202008-0805


CVE

CVE-2020-3440


TITLE

Windows for Cisco Webex Meetings Desktop Path traversal vulnerabilities in applications

Trust: 0.8

sources: JVNDB: JVNDB-2020-010412

DESCRIPTION

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files. Windows for Cisco Webex Meetings Desktop An application contains a path traversal vulnerability.Information may be tampered with. Both Cisco Webex Meetings Desktop App and Cisco Webex Meetings are products of Cisco. Cisco Webex Meetings is a set of video conferencing solutions

Trust: 1.8

sources: NVD: CVE-2020-3440 // JVNDB: JVNDB-2020-010412 // VULHUB: VHN-181565 // VULMON: CVE-2020-3440

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetingsscope:ltversion:40.8

Trust: 1.0

vendor:ciscomodel:webex meetings desktopscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010412 // NVD: CVE-2020-3440

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3440
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3440
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-010412
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-973
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181565
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3440
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3440
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-010412
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181565
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3440
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3440
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-010412
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181565 // VULMON: CVE-2020-3440 // JVNDB: JVNDB-2020-010412 // CNNVD: CNNVD-202008-973 // NVD: CVE-2020-3440 // NVD: CVE-2020-3440

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-181565 // JVNDB: JVNDB-2020-010412 // NVD: CVE-2020-3440

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-973

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202008-973

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-010412

PATCH
title:cisco-sa-webex-desktop-app-OVSfpVMjurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-desktop-app-OVSfpVMj
Trust: 0.8
title:Cisco Webex Meetings Desktop App Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126769
Trust: 0.6
title:Cisco: Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-desktop-app-OVSfpVMj
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-3440 // 
            
            
            
            JVNDB: JVNDB-2020-010412 // 
            
            
            
            CNNVD: CNNVD-202008-973

EXTERNAL IDS
db:NVDid:CVE-2020-3440
Trust: 2.6
db:JVNDBid:JVNDB-2020-010412
Trust: 0.8
db:CNNVDid:CNNVD-202008-973
Trust: 0.7
db:NSFOCUSid:49093
Trust: 0.6
db:AUSCERTid:ESB-2020.2858
Trust: 0.6
db:CNVDid:CNVD-2020-50561
Trust: 0.1
db:VULHUBid:VHN-181565
Trust: 0.1
db:VULMONid:CVE-2020-3440
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181565 // 
            
            
            
            VULMON: CVE-2020-3440 // 
            
            
            
            JVNDB: JVNDB-2020-010412 // 
            
            
            
            CNNVD: CNNVD-202008-973 // 
            
            
            
            NVD: CVE-2020-3440

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-desktop-app-ovsfpvmj
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2020-3440
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3440
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2858/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/49093
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/22.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181565 // 
            
            
            
            VULMON: CVE-2020-3440 // 
            
            
            
            JVNDB: JVNDB-2020-010412 // 
            
            
            
            CNNVD: CNNVD-202008-973 // 
            
            
            
            NVD: CVE-2020-3440

SOURCES
db:VULHUBid:VHN-181565
db:VULMONid:CVE-2020-3440
db:JVNDBid:JVNDB-2020-010412
db:CNNVDid:CNNVD-202008-973
db:NVDid:CVE-2020-3440

LAST UPDATE DATE
2024-11-23T22:40:58.670000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181565date:2020-09-02T00:00:00
db:VULMONid:CVE-2020-3440date:2020-09-02T00:00:00
db:JVNDBid:JVNDB-2020-010412date:2021-01-14T03:06:01
db:CNNVDid:CNNVD-202008-973date:2020-09-25T00:00:00
db:NVDid:CVE-2020-3440date:2024-11-21T05:31:04.303

SOURCES RELEASE DATE
db:VULHUBid:VHN-181565date:2020-08-26T00:00:00
db:VULMONid:CVE-2020-3440date:2020-08-26T00:00:00
db:JVNDBid:JVNDB-2020-010412date:2021-01-14T03:06:01
db:CNNVDid:CNNVD-202008-973date:2020-08-19T00:00:00
db:NVDid:CVE-2020-3440date:2020-08-26T17:15:13.490