Sign-up

ID

VAR-202008-0820


CVE

CVE-2020-3472


TITLE

Cisco Webex Meetings Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009450

DESCRIPTION

A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses. Cisco Webex Meetings There is an information leakage vulnerability in.Information may be obtained. Cisco Webex Meetings is a set of video conferencing solutions of Cisco (Cisco)

Trust: 1.8

sources: NVD: CVE-2020-3472 // JVNDB: JVNDB-2020-009450 // VULHUB: VHN-181597 // VULMON: CVE-2020-3472

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings onlinescope:ltversion:40.7.0

Trust: 1.0

vendor:ciscomodel:webex meetings onlinescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-009450 // NVD: CVE-2020-3472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3472
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3472
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-009450
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-157
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181597
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3472
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3472
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-009450
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181597
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3472
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-009450
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181597 // VULMON: CVE-2020-3472 // JVNDB: JVNDB-2020-009450 // CNNVD: CNNVD-202008-157 // NVD: CVE-2020-3472 // NVD: CVE-2020-3472

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-863

Trust: 1.1

sources: VULHUB: VHN-181597 // JVNDB: JVNDB-2020-009450 // NVD: CVE-2020-3472

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-157

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202008-157

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009450

PATCH
title:cisco-sa-webex-mAkmV4qcurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-mAkmV4qc
Trust: 0.8
title:Cisco Webex Meetings Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125497
Trust: 0.6
title:Cisco: Cisco Webex Meetings User Email Address Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-mAkmV4qc
Trust: 0.1
title:CVE-2020-3472url:https://github.com/AlAIAL90/CVE-2020-3472 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-3472 // 
            
            
            
            JVNDB: JVNDB-2020-009450 // 
            
            
            
            CNNVD: CNNVD-202008-157

EXTERNAL IDS
db:NVDid:CVE-2020-3472
Trust: 2.6
db:JVNDBid:JVNDB-2020-009450
Trust: 0.8
db:CNNVDid:CNNVD-202008-157
Trust: 0.7
db:NSFOCUSid:48474
Trust: 0.6
db:AUSCERTid:ESB-2020.2682
Trust: 0.6
db:CNVDid:CNVD-2020-44860
Trust: 0.1
db:VULHUBid:VHN-181597
Trust: 0.1
db:VULMONid:CVE-2020-3472
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181597 // 
            
            
            
            VULMON: CVE-2020-3472 // 
            
            
            
            JVNDB: JVNDB-2020-009450 // 
            
            
            
            CNNVD: CNNVD-202008-157 // 
            
            
            
            NVD: CVE-2020-3472

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-makmv4qc
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2020-3472
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3472
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2682/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/48474
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/863.html
Trust: 0.1
url:https://github.com/alaial90/cve-2020-3472
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181597 // 
            
            
            
            VULMON: CVE-2020-3472 // 
            
            
            
            JVNDB: JVNDB-2020-009450 // 
            
            
            
            CNNVD: CNNVD-202008-157 // 
            
            
            
            NVD: CVE-2020-3472

SOURCES
db:VULHUBid:VHN-181597
db:VULMONid:CVE-2020-3472
db:JVNDBid:JVNDB-2020-009450
db:CNNVDid:CNNVD-202008-157
db:NVDid:CVE-2020-3472

LAST UPDATE DATE
2024-11-23T21:59:07.182000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181597date:2021-08-06T00:00:00
db:VULMONid:CVE-2020-3472date:2021-08-06T00:00:00
db:JVNDBid:JVNDB-2020-009450date:2020-11-06T02:02:16
db:CNNVDid:CNNVD-202008-157date:2021-08-09T00:00:00
db:NVDid:CVE-2020-3472date:2024-11-21T05:31:08.320

SOURCES RELEASE DATE
db:VULHUBid:VHN-181597date:2020-08-17T00:00:00
db:VULMONid:CVE-2020-3472date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-009450date:2020-11-06T02:02:16
db:CNNVDid:CNNVD-202008-157date:2020-08-05T00:00:00
db:NVDid:CVE-2020-3472date:2020-08-17T18:15:13.790