ID

VAR-202011-1012


CVE

CVE-2020-3419


TITLE

Improper control of dynamically manipulated code resources vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server

Trust: 0.8

sources: JVNDB: JVNDB-2020-013742

DESCRIPTION

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities. Cisco Webex Meetings is a set of video conferencing solutions from Cisco.

Trust: 1.71

sources: NVD: CVE-2020-3419 // JVNDB: JVNDB-2020-013742 // VULHUB: VHN-181544

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings server, scope: lt, version: 3.0

Trust: 1.0

vendor: cisco, model: webex meetings server, scope: eq, version: 4.0

Trust: 1.0

vendor: cisco, model: webex meetings server, scope: eq, version: 3.0

Trust: 1.0

vendor: Cisco Systems, model: cisco webex meetings server, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco webex meetings server, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013742 // NVD: CVE-2020-3419

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3419
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3419
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3419
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202011-1611
value: CRITICAL

Trust: 0.6

VULHUB: VHN-181544
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3419
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181544
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3419
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3419
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-3419
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181544 // JVNDB: JVNDB-2020-013742 // CNNVD: CNNVD-202011-1611 // NVD: CVE-2020-3419 // NVD: CVE-2020-3419

PROBLEMTYPE DATA

problemtype: CWE-913

Trust: 1.1

problemtype: Improper control of dynamically manipulated code resources (CWE-913) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181544 // JVNDB: JVNDB-2020-013742 // NVD: CVE-2020-3419

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1611

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1611

PATCH

title: cisco-sa-webex-auth-token-3vg57A5r, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-auth-token-3vg57A5r

Trust: 0.8

title: Cisco Webex Meetings Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135509

Trust: 0.6

sources: JVNDB: JVNDB-2020-013742 // CNNVD: CNNVD-202011-1611

EXTERNAL IDS

db: NVD, id: CVE-2020-3419

Trust: 2.5

db: JVNDB, id: JVNDB-2020-013742

Trust: 0.8

db: AUSCERT, id: ESB-2020.4095.2

Trust: 0.6

db: CNNVD, id: CNNVD-202011-1611

Trust: 0.6

db: VULHUB, id: VHN-181544

Trust: 0.1

sources: VULHUB: VHN-181544 // JVNDB: JVNDB-2020-013742 // CNNVD: CNNVD-202011-1611 // NVD: CVE-2020-3419

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-auth-token-3vg57a5r

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-3419

Trust: 1.4

url: https://www.auscert.org.au/bulletins/esb-2020.4095.2/

Trust: 0.6

sources: VULHUB: VHN-181544 // JVNDB: JVNDB-2020-013742 // CNNVD: CNNVD-202011-1611 // NVD: CVE-2020-3419

SOURCES

db: VULHUB, id: VHN-181544
db: JVNDB, id: JVNDB-2020-013742
db: CNNVD, id: CNNVD-202011-1611
db: NVD, id: CVE-2020-3419

LAST UPDATE DATE

2024-11-23T21:51:08.861000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181544, date: 2020-12-01T00:00:00
db: JVNDB, id: JVNDB-2020-013742, date: 2021-07-13T07:51:00
db: CNNVD, id: CNNVD-202011-1611, date: 2020-12-02T00:00:00
db: NVD, id: CVE-2020-3419, date: 2024-11-21T05:31:00.900

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181544, date: 2020-11-18T00:00:00
db: JVNDB, id: JVNDB-2020-013742, date: 2021-07-13T00:00:00
db: CNNVD, id: CNNVD-202011-1611, date: 2020-11-18T00:00:00
db: NVD, id: CVE-2020-3419, date: 2020-11-18T19:15:12.350