ID

VAR-202204-0751


CVE

CVE-2022-20763


TITLE

Untrusted Data Deserialization Vulnerability in Cisco Webex Meetings

Trust: 0.8

sources: JVNDB: JVNDB-2022-009359

DESCRIPTION

A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetings service. A successful exploit could allow the attacker to inject arbitrary Java code and take arbitrary actions within the Cisco Webex Meetings application. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-20763 // JVNDB: JVNDB-2022-009359 // VULHUB: VHN-405316 // VULMON: CVE-2022-20763

AFFECTED PRODUCTS

vendor: cisco
model: webex meetings online
scope: eq
version: wbs42.2.1-1

Trust: 1.0

vendor: シスコシステムズ
model: cisco webex meetings online
scope: -
version: -

Trust: 0.8

vendor: シスコシステムズ
model: cisco webex meetings online
scope: eq
version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-009359 // NVD: CVE-2022-20763

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20763
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20763
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20763
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202204-2459
value: HIGH

Trust: 0.6

VULHUB: VHN-405316
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20763
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20763
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405316
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20763
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20763
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-20763
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405316 // VULMON: CVE-2022-20763 // JVNDB: JVNDB-2022-009359 // CNNVD: CNNVD-202204-2459 // NVD: CVE-2022-20763 // NVD: CVE-2022-20763

PROBLEMTYPE DATA

problemtype: CWE-502

Trust: 1.1

problemtype: Deserialization of untrusted data (CWE-502) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-405316 // JVNDB: JVNDB-2022-009359 // NVD: CVE-2022-20763

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2459

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202204-2459

PATCH

title: cisco-sa-webex-java-MVX6crH9
url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-java-MVX6crH9

Trust: 0.8

title: Cisco Webex Meetings Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189427

Trust: 0.6

title: Cisco: Cisco Webex Meetings Java Deserialization Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-java-MVX6crH9

Trust: 0.1

title: CVE-2022-XXXX
url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX
url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20763 // JVNDB: JVNDB-2022-009359 // CNNVD: CNNVD-202204-2459

EXTERNAL IDS

db: NVD, id: CVE-2022-20763

Trust: 3.4

db: JVNDB, id: JVNDB-2022-009359

Trust: 0.8

db: AUSCERT, id: ESB-2022.1498

Trust: 0.6

db: CS-HELP, id: SB2022040703

Trust: 0.6

db: CNNVD, id: CNNVD-202204-2459

Trust: 0.6

db: VULHUB, id: VHN-405316

Trust: 0.1

db: VULMON, id: CVE-2022-20763

Trust: 0.1

sources: VULHUB: VHN-405316 // VULMON: CVE-2022-20763 // JVNDB: JVNDB-2022-009359 // CNNVD: CNNVD-202204-2459 // NVD: CVE-2022-20763

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-java-mvx6crh9

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-20763

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022040703

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1498

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20763/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/502.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405316 // VULMON: CVE-2022-20763 // JVNDB: JVNDB-2022-009359 // CNNVD: CNNVD-202204-2459 // NVD: CVE-2022-20763

SOURCES

db: VULHUB, id: VHN-405316
db: VULMON, id: CVE-2022-20763
db: JVNDB, id: JVNDB-2022-009359
db: CNNVD, id: CNNVD-202204-2459
db: NVD, id: CVE-2022-20763

LAST UPDATE DATE

2024-11-23T21:50:37.740000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405316, date: 2022-04-14T00:00:00
db: VULMON, id: CVE-2022-20763, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2022-009359, date: 2023-08-04T05:55:00
db: CNNVD, id: CNNVD-202204-2459, date: 2022-04-15T00:00:00
db: NVD, id: CVE-2022-20763, date: 2024-11-21T06:43:30.317

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405316, date: 2022-04-06T00:00:00
db: VULMON, id: CVE-2022-20763, date: 2022-04-06T00:00:00
db: JVNDB, id: JVNDB-2022-009359, date: 2023-08-04T00:00:00
db: CNNVD, id: CNNVD-202204-2459, date: 2022-04-06T00:00:00
db: NVD, id: CVE-2022-20763, date: 2022-04-06T19:15:08.327