Details of VAR-202011-1013

ID

VAR-202011-1013

CVE

CVE-2020-3441

TITLE

Cisco Webex Meetings and Cisco Webex Meetings Server Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013500

DESCRIPTION

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby

Trust: 1.8

sources: NVD: CVE-2020-3441 // JVNDB: JVNDB-2020-013500 // VULHUB: VHN-181566 // VULMON: CVE-2020-3441

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	lt	version:	3.0	Trust: 1.0
vendor:	cisco	model:	webex meetings	scope:	lte	version:	40.11.3	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	webex meetings	scope:	lte	version:	40.6.11	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	3.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco webex meetings	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex meetings server	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex meetings	scope:	eq	version:	server	Trust: 0.8

sources: JVNDB: JVNDB-2020-013500 // NVD: CVE-2020-3441

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3441
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3441
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-3441
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-1646
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-181566
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-3441
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-3441
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-181566
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3441
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2020-3441
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181566 // VULMON: CVE-2020-3441 // JVNDB: JVNDB-2020-013500 // CNNVD: CNNVD-202011-1646 // NVD: CVE-2020-3441 // NVD: CVE-2020-3441

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-181566 // JVNDB: JVNDB-2020-013500 // NVD: CVE-2020-3441

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1646

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202011-1646

PATCH

title:	cisco-sa-webex-infodisc-4tvQzn4	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-infodisc-4tvQzn4	Trust: 0.8
title:	Cisco Webex Meetings Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135290	Trust: 0.6
title:	Cisco: Cisco Webex Meetings and Cisco Webex Meetings Server Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-infodisc-4tvQzn4	Trust: 0.1
title:	CVE-2020-3441	url:	https://github.com/AlAIAL90/CVE-2020-3441	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-webex-flaw-snooping/161355/	Trust: 0.1

sources: VULMON: CVE-2020-3441 // JVNDB: JVNDB-2020-013500 // CNNVD: CNNVD-202011-1646

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3441	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-013500	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-1646	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.4095.2	Trust: 0.6
db:	VULHUB	id:	VHN-181566	Trust: 0.1
db:	VULMON	id:	CVE-2020-3441	Trust: 0.1

sources: VULHUB: VHN-181566 // VULMON: CVE-2020-3441 // JVNDB: JVNDB-2020-013500 // CNNVD: CNNVD-202011-1646 // NVD: CVE-2020-3441

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-infodisc-4tvqzn4	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3441	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.4095.2/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://github.com/alaial90/cve-2020-3441	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/cisco-webex-flaw-snooping/161355/	Trust: 0.1

sources: VULHUB: VHN-181566 // VULMON: CVE-2020-3441 // JVNDB: JVNDB-2020-013500 // CNNVD: CNNVD-202011-1646 // NVD: CVE-2020-3441

SOURCES

db:	VULHUB	id:	VHN-181566
db:	VULMON	id:	CVE-2020-3441
db:	JVNDB	id:	JVNDB-2020-013500
db:	CNNVD	id:	CNNVD-202011-1646
db:	NVD	id:	CVE-2020-3441

LAST UPDATE DATE

2024-11-23T21:51:08.885000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181566	date:	2021-08-06T00:00:00
db:	VULMON	id:	CVE-2020-3441	date:	2021-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-013500	date:	2021-07-07T07:01:00
db:	CNNVD	id:	CNNVD-202011-1646	date:	2021-08-09T00:00:00
db:	NVD	id:	CVE-2020-3441	date:	2024-11-21T05:31:04.437

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181566	date:	2020-11-18T00:00:00
db:	VULMON	id:	CVE-2020-3441	date:	2020-11-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-013500	date:	2021-07-07T00:00:00
db:	CNNVD	id:	CNNVD-202011-1646	date:	2020-11-18T00:00:00
db:	NVD	id:	CVE-2020-3441	date:	2020-11-18T19:15:12.447