Sign-up

ID

VAR-202008-0832


CVE

CVE-2020-3501


TITLE

Cisco Webex Meetings Desktop Input validation vulnerabilities in applications

Trust: 0.8

sources: JVNDB: JVNDB-2020-009451

DESCRIPTION

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users. Cisco Webex Meetings Desktop The application contains an input verification vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2020-3501 // JVNDB: JVNDB-2020-009451 // VULHUB: VHN-181626

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetingsscope:ltversion:40.4.6

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:4.0

Trust: 1.0

vendor:ciscomodel:webex meetingsscope:gteversion:40.4.0

Trust: 1.0

vendor:ciscomodel:webex meetingsscope:ltversion:39.5.24

Trust: 1.0

vendor:ciscomodel:webex meetingsscope:eqversion:39.7.4

Trust: 1.0

vendor:ciscomodel:webex meetingsscope:gteversion:40.4.10

Trust: 1.0

vendor:ciscomodel:webex meetingsscope:ltversion:40.6.0

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:3.0

Trust: 1.0

vendor:ciscomodel:webex meetingsscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-009451 // NVD: CVE-2020-3501

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3501
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3501
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-009451
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-155
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181626
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3501
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009451
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181626
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3501
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-009451
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181626 // JVNDB: JVNDB-2020-009451 // CNNVD: CNNVD-202008-155 // NVD: CVE-2020-3501 // NVD: CVE-2020-3501

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181626 // JVNDB: JVNDB-2020-009451 // NVD: CVE-2020-3501

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-155

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202008-155

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009451

PATCH
title:cisco-sa-webex-client-g3zevBcpurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-g3zevBcp
Trust: 0.8
title:Cisco Webex Meetings Desktop App Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125495
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-009451 // 
            
            
            
            CNNVD: CNNVD-202008-155

EXTERNAL IDS
db:NVDid:CVE-2020-3501
Trust: 2.5
db:JVNDBid:JVNDB-2020-009451
Trust: 0.8
db:CNNVDid:CNNVD-202008-155
Trust: 0.7
db:AUSCERTid:ESB-2020.2683
Trust: 0.6
db:CNVDid:CNVD-2020-45578
Trust: 0.1
db:VULHUBid:VHN-181626
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181626 // 
            
            
            
            JVNDB: JVNDB-2020-009451 // 
            
            
            
            CNNVD: CNNVD-202008-155 // 
            
            
            
            NVD: CVE-2020-3501

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-client-g3zevbcp
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3501
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3501
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2683/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181626 // 
            
            
            
            JVNDB: JVNDB-2020-009451 // 
            
            
            
            CNNVD: CNNVD-202008-155 // 
            
            
            
            NVD: CVE-2020-3501

SOURCES
db:VULHUBid:VHN-181626
db:JVNDBid:JVNDB-2020-009451
db:CNNVDid:CNNVD-202008-155
db:NVDid:CVE-2020-3501

LAST UPDATE DATE
2024-11-23T22:55:05.438000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181626date:2020-08-19T00:00:00
db:JVNDBid:JVNDB-2020-009451date:2020-11-06T02:02:17
db:CNNVDid:CNNVD-202008-155date:2020-08-20T00:00:00
db:NVDid:CVE-2020-3501date:2024-11-21T05:31:12.060

SOURCES RELEASE DATE
db:VULHUBid:VHN-181626date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-009451date:2020-11-06T02:02:17
db:CNNVDid:CNNVD-202008-155date:2020-08-05T00:00:00
db:NVDid:CVE-2020-3501date:2020-08-17T18:15:13.993