Sign-up

ID

VAR-202008-0833


CVE

CVE-2020-3502


TITLE

Cisco Webex Meetings Desktop Input validation vulnerabilities in applications

Trust: 0.8

sources: JVNDB: JVNDB-2020-009452

DESCRIPTION

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users. Cisco Webex Meetings Desktop The application contains an input verification vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2020-3502 // JVNDB: JVNDB-2020-009452 // VULHUB: VHN-181627

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetingsscope:ltversion:40.4.6

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:4.0

Trust: 1.0

vendor:ciscomodel:webex meetingsscope:gteversion:40.4.0

Trust: 1.0

vendor:ciscomodel:webex meetingsscope:ltversion:39.5.24

Trust: 1.0

vendor:ciscomodel:webex meetingsscope:eqversion:39.7.4

Trust: 1.0

vendor:ciscomodel:webex meetingsscope:gteversion:40.4.10

Trust: 1.0

vendor:ciscomodel:webex meetingsscope:ltversion:40.6.0

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:3.0

Trust: 1.0

vendor:ciscomodel:webex meetingsscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-009452 // NVD: CVE-2020-3502

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3502
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3502
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-009452
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-151
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181627
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3502
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009452
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181627
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3502
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-009452
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181627 // JVNDB: JVNDB-2020-009452 // CNNVD: CNNVD-202008-151 // NVD: CVE-2020-3502 // NVD: CVE-2020-3502

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181627 // JVNDB: JVNDB-2020-009452 // NVD: CVE-2020-3502

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-151

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202008-151

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009452

PATCH
title:cisco-sa-webex-client-g3zevBcpurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-g3zevBcp
Trust: 0.8
title:Cisco Webex Meetings Desktop App Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125491
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-009452 // 
            
            
            
            CNNVD: CNNVD-202008-151

EXTERNAL IDS
db:NVDid:CVE-2020-3502
Trust: 2.5
db:JVNDBid:JVNDB-2020-009452
Trust: 0.8
db:CNNVDid:CNNVD-202008-151
Trust: 0.7
db:AUSCERTid:ESB-2020.2683
Trust: 0.6
db:CNVDid:CNVD-2020-45577
Trust: 0.1
db:VULHUBid:VHN-181627
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181627 // 
            
            
            
            JVNDB: JVNDB-2020-009452 // 
            
            
            
            CNNVD: CNNVD-202008-151 // 
            
            
            
            NVD: CVE-2020-3502

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-client-g3zevbcp
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3502
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3502
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2683/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181627 // 
            
            
            
            JVNDB: JVNDB-2020-009452 // 
            
            
            
            CNNVD: CNNVD-202008-151 // 
            
            
            
            NVD: CVE-2020-3502

SOURCES
db:VULHUBid:VHN-181627
db:JVNDBid:JVNDB-2020-009452
db:CNNVDid:CNNVD-202008-151
db:NVDid:CVE-2020-3502

LAST UPDATE DATE
2024-11-23T22:55:05.413000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181627date:2020-08-19T00:00:00
db:JVNDBid:JVNDB-2020-009452date:2020-11-06T02:02:19
db:CNNVDid:CNNVD-202008-151date:2020-08-20T00:00:00
db:NVDid:CVE-2020-3502date:2024-11-21T05:31:12.200

SOURCES RELEASE DATE
db:VULHUBid:VHN-181627date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-009452date:2020-11-06T02:02:19
db:CNNVDid:CNNVD-202008-151date:2020-08-05T00:00:00
db:NVDid:CVE-2020-3502date:2020-08-17T18:15:14.103