Details of VAR-202011-1019

ID

VAR-202011-1019

CVE

CVE-2020-3471

TITLE

Cisco Webex Meetings and Cisco Webex Meetings Server Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013501

DESCRIPTION

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled

Trust: 1.8

sources: NVD: CVE-2020-3471 // JVNDB: JVNDB-2020-013501 // VULHUB: VHN-181596 // VULMON: CVE-2020-3471

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	lt	version:	3.0	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	3.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco webex meetings server	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex meetings server	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013501 // NVD: CVE-2020-3471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3471
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3471
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-3471
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-1610
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-181596
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-3471
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-3471
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-181596
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3471
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2020-3471
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181596 // VULMON: CVE-2020-3471 // JVNDB: JVNDB-2020-013501 // CNNVD: CNNVD-202011-1610 // NVD: CVE-2020-3471 // NVD: CVE-2020-3471

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-662	Trust: 1.1
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-181596 // JVNDB: JVNDB-2020-013501 // NVD: CVE-2020-3471

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1610

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202011-1610

PATCH

title:	cisco-sa-webex-info-leak-PhpzB3sG	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-info-leak-PhpzB3sG	Trust: 0.8
title:	Cisco Webex Meetings Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135287	Trust: 0.6
title:	Cisco: Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-info-leak-PhpzB3sG	Trust: 0.1
title:	CVE-2020-3471	url:	https://github.com/AlAIAL90/CVE-2020-3471	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-webex-flaw-snooping/161355/	Trust: 0.1

sources: VULMON: CVE-2020-3471 // JVNDB: JVNDB-2020-013501 // CNNVD: CNNVD-202011-1610

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3471	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-013501	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.4095.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-1610	Trust: 0.6
db:	VULHUB	id:	VHN-181596	Trust: 0.1
db:	VULMON	id:	CVE-2020-3471	Trust: 0.1

sources: VULHUB: VHN-181596 // VULMON: CVE-2020-3471 // JVNDB: JVNDB-2020-013501 // CNNVD: CNNVD-202011-1610 // NVD: CVE-2020-3471

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-info-leak-phpzb3sg	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3471	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.4095.2/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/662.html	Trust: 0.1
url:	https://github.com/alaial90/cve-2020-3471	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/cisco-webex-flaw-snooping/161355/	Trust: 0.1

sources: VULHUB: VHN-181596 // VULMON: CVE-2020-3471 // JVNDB: JVNDB-2020-013501 // CNNVD: CNNVD-202011-1610 // NVD: CVE-2020-3471

SOURCES

db:	VULHUB	id:	VHN-181596
db:	VULMON	id:	CVE-2020-3471
db:	JVNDB	id:	JVNDB-2020-013501
db:	CNNVD	id:	CNNVD-202011-1610
db:	NVD	id:	CVE-2020-3471

LAST UPDATE DATE

2024-11-23T21:51:08.914000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181596	date:	2021-08-06T00:00:00
db:	VULMON	id:	CVE-2020-3471	date:	2021-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-013501	date:	2021-07-07T07:01:00
db:	CNNVD	id:	CNNVD-202011-1610	date:	2021-08-09T00:00:00
db:	NVD	id:	CVE-2020-3471	date:	2024-11-21T05:31:08.197

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181596	date:	2020-11-18T00:00:00
db:	VULMON	id:	CVE-2020-3471	date:	2020-11-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-013501	date:	2021-07-07T00:00:00
db:	CNNVD	id:	CNNVD-202011-1610	date:	2020-11-18T00:00:00
db:	NVD	id:	CVE-2020-3471	date:	2020-11-18T19:15:12.633