ID

VAR-202208-0238


CVE

CVE-2022-20852


TITLE

Cisco Webex Meetings Vulnerability in improperly limiting rendered user interface layers or frames in

Trust: 0.8

sources: JVNDB: JVNDB-2022-016744

DESCRIPTION

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Webex Meetings contains a vulnerability regarding improper restrictions on rendered user interface layers or frames. Information may be tampered with. Cisco Webex Meetings is a set of video conferencing solutions from Cisco. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-frmhijck-kO3wmkuS

Trust: 1.8

sources: NVD: CVE-2022-20852 // JVNDB: JVNDB-2022-016744 // VULHUB: VHN-405405 // VULMON: CVE-2022-20852

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings, scope: eq, version: -

Trust: 1.0

vendor: シスコシステムズ, model: cisco webex meetings, scope: eq, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco webex meetings, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-016744 // NVD: CVE-2022-20852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20852
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20852
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20852
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202208-2105
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-20852
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20852
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2022-20852
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-016744 // CNNVD: CNNVD-202208-2105 // NVD: CVE-2022-20852 // NVD: CVE-2022-20852

PROBLEMTYPE DATA

problemtype: CWE-1021

Trust: 1.0

problemtype: Improper restrictions on rendered user interface layers or frames (CWE-1021) [NVD evaluation]

Trust: 0.8

problemtype: CWE-20

Trust: 0.1

sources: VULHUB: VHN-405405 // JVNDB: JVNDB-2022-016744 // NVD: CVE-2022-20852

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2105

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202208-2105

PATCH

title: cisco-sa-webex-xss-frmhijck-kO3wmkuS, url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-frmhijck-kO3wmkuS

Trust: 0.8

title: Cisco Webex Meetings Enter the fix for the verification error vulnerability, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=204183

Trust: 0.6

title: Cisco: Cisco Webex Meetings Web Interface Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-xss-frmhijck-kO3wmkuS

Trust: 0.1

sources: VULMON: CVE-2022-20852 // JVNDB: JVNDB-2022-016744 // CNNVD: CNNVD-202208-2105

EXTERNAL IDS

db: NVD, id: CVE-2022-20852

Trust: 3.4

db: JVNDB, id: JVNDB-2022-016744

Trust: 0.8

db: CNNVD, id: CNNVD-202208-2105

Trust: 0.7

db: AUSCERT, id: ESB-2022.3825

Trust: 0.6

db: VULHUB, id: VHN-405405

Trust: 0.1

db: VULMON, id: CVE-2022-20852

Trust: 0.1

sources: VULHUB: VHN-405405 // VULMON: CVE-2022-20852 // JVNDB: JVNDB-2022-016744 // CNNVD: CNNVD-202208-2105 // NVD: CVE-2022-20852

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-xss-frmhijck-ko3wmkus

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2022-20852

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2022.3825

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2022-20852/

Trust: 0.6

sources: VULHUB: VHN-405405 // VULMON: CVE-2022-20852 // JVNDB: JVNDB-2022-016744 // CNNVD: CNNVD-202208-2105 // NVD: CVE-2022-20852

SOURCES

db: VULHUB, id: VHN-405405
db: VULMON, id: CVE-2022-20852
db: JVNDB, id: JVNDB-2022-016744
db: CNNVD, id: CNNVD-202208-2105
db: NVD, id: CVE-2022-20852

LAST UPDATE DATE

2024-08-14T13:42:33.657000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405405, date: 2022-08-12T00:00:00
db: JVNDB, id: JVNDB-2022-016744, date: 2023-10-06T05:13:00
db: CNNVD, id: CNNVD-202208-2105, date: 2023-06-28T00:00:00
db: NVD, id: CVE-2022-20852, date: 2023-11-07T03:43:07.543

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405405, date: 2022-08-10T00:00:00
db: JVNDB, id: JVNDB-2022-016744, date: 2023-10-06T00:00:00
db: CNNVD, id: CNNVD-202208-2105, date: 2022-08-03T00:00:00
db: NVD, id: CVE-2022-20852, date: 2022-08-10T09:15:08.647