Details of VAR-202009-1153

ID

VAR-202009-1153

CVE

CVE-2020-3541

TITLE

plural Cisco Product leak information leak from log file

Trust: 0.8

sources: JVNDB: JVNDB-2020-010754

DESCRIPTION

A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks. Cisco Webex Teams and others are products of Cisco. Cisco Webex Teams is a team collaboration application. Cisco Webex Meetings is a set of video conferencing solutions

Trust: 1.71

sources: NVD: CVE-2020-3541 // JVNDB: JVNDB-2020-010754 // VULHUB: VHN-181666

AFFECTED PRODUCTS

vendor:	cisco	model:	webex teams	scope:	lt	version:	3.0.15711.0	Trust: 1.0
vendor:	cisco	model:	webex meetings	scope:	lt	version:	39.5.25	Trust: 1.0
vendor:	cisco	model:	webex meetings	scope:	gte	version:	40.6.0	Trust: 1.0
vendor:	cisco	model:	webex meetings	scope:	lt	version:	40.6.6	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco webex meetings	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex meetings desktop	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex teams	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-010754 // NVD: CVE-2020-3541

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3541
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3541
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-3541
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202009-105
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-181666
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-3541
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-181666
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3541
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2020-3541
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181666 // JVNDB: JVNDB-2020-010754 // CNNVD: CNNVD-202009-105 // NVD: CVE-2020-3541 // NVD: CVE-2020-3541

PROBLEMTYPE DATA

problemtype:	CWE-532	Trust: 1.1
problemtype:	CWE-200	Trust: 1.0
problemtype:	Information leakage from log files (CWE-532) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-181666 // JVNDB: JVNDB-2020-010754 // NVD: CVE-2020-3541

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-105

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202009-105

PATCH

title:

cisco-sa-webex-media-znjfwHD6

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-media-znjfwHD6

Trust: 0.8

sources: JVNDB: JVNDB-2020-010754

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3541	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-010754	Trust: 0.8
db:	CNNVD	id:	CNNVD-202009-105	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3029	Trust: 0.6
db:	NSFOCUS	id:	49083	Trust: 0.6
db:	VULHUB	id:	VHN-181666	Trust: 0.1

sources: VULHUB: VHN-181666 // JVNDB: JVNDB-2020-010754 // CNNVD: CNNVD-202009-105 // NVD: CVE-2020-3541

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-media-znjfwhd6	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3541	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3029/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/49083	Trust: 0.6

sources: VULHUB: VHN-181666 // JVNDB: JVNDB-2020-010754 // CNNVD: CNNVD-202009-105 // NVD: CVE-2020-3541

SOURCES

db:	VULHUB	id:	VHN-181666
db:	JVNDB	id:	JVNDB-2020-010754
db:	CNNVD	id:	CNNVD-202009-105
db:	NVD	id:	CVE-2020-3541

LAST UPDATE DATE

2024-11-23T22:37:14.801000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181666	date:	2020-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-010754	date:	2021-02-03T02:26:00
db:	CNNVD	id:	CNNVD-202009-105	date:	2020-09-25T00:00:00
db:	NVD	id:	CVE-2020-3541	date:	2024-11-21T05:31:16.600

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181666	date:	2020-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2020-010754	date:	2021-02-03T00:00:00
db:	CNNVD	id:	CNNVD-202009-105	date:	2020-09-02T00:00:00
db:	NVD	id:	CVE-2020-3541	date:	2020-09-04T03:15:10.857