ID

VAR-202208-0240


CVE

CVE-2022-20820


TITLE

Cross-site scripting vulnerability in Cisco Webex Meetings

Trust: 0.8

sources: JVNDB: JVNDB-2022-016751

DESCRIPTION

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory. A cross-site scripting vulnerability exists in Cisco Webex Meetings. Information may be obtained and information may be tampered with. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-frmhijck-kO3wmkuS

Trust: 1.8

sources: NVD: CVE-2022-20820 // JVNDB: JVNDB-2022-016751 // VULHUB: VHN-405373 // VULMON: CVE-2022-20820

AFFECTED PRODUCTS

vendor: cisco
model: webex meetings
scope: eq
version: -

Trust: 1.0

vendor: Cisco Systems
model: cisco webex meetings
scope: eq
version: -

Trust: 0.8

vendor: Cisco Systems
model: cisco webex meetings
scope: -
version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-016751 // NVD: CVE-2022-20820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20820
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20820
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20820
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202208-2099
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-20820
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 2.0

NVD: CVE-2022-20820
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-016751 // CNNVD: CNNVD-202208-2099 // NVD: CVE-2022-20820 // NVD: CVE-2022-20820

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

problemtype: CWE-1021

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-405373 // JVNDB: JVNDB-2022-016751 // NVD: CVE-2022-20820

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2099

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202208-2099

PATCH

title: cisco-sa-webex-xss-frmhijck-kO3wmkuS
url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-frmhijck-kO3wmkuS

Trust: 0.8

title: Cisco Webex Meetings Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204182

Trust: 0.6

title: Cisco: Cisco Webex Meetings Web Interface Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-xss-frmhijck-kO3wmkuS

Trust: 0.1

sources: VULMON: CVE-2022-20820 // JVNDB: JVNDB-2022-016751 // CNNVD: CNNVD-202208-2099

EXTERNAL IDS

db: NVD, id: CVE-2022-20820

Trust: 3.4

db: JVNDB, id: JVNDB-2022-016751

Trust: 0.8

db: AUSCERT, id: ESB-2022.3825

Trust: 0.6

db: CNNVD, id: CNNVD-202208-2099

Trust: 0.6

db: VULHUB, id: VHN-405373

Trust: 0.1

db: VULMON, id: CVE-2022-20820

Trust: 0.1

sources: VULHUB: VHN-405373 // VULMON: CVE-2022-20820 // JVNDB: JVNDB-2022-016751 // CNNVD: CNNVD-202208-2099 // NVD: CVE-2022-20820

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-xss-frmhijck-ko3wmkus

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2022-20820

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2022.3825

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2022-20820/

Trust: 0.6

sources: VULHUB: VHN-405373 // VULMON: CVE-2022-20820 // JVNDB: JVNDB-2022-016751 // CNNVD: CNNVD-202208-2099 // NVD: CVE-2022-20820

SOURCES

db: VULHUB, id: VHN-405373
db: VULMON, id: CVE-2022-20820
db: JVNDB, id: JVNDB-2022-016751
db: CNNVD, id: CNNVD-202208-2099
db: NVD, id: CVE-2022-20820

LAST UPDATE DATE

2024-08-14T13:42:33.685000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405373, date: 2022-08-12T00:00:00
db: JVNDB, id: JVNDB-2022-016751, date: 2023-10-06T06:30:00
db: CNNVD, id: CNNVD-202208-2099, date: 2022-08-15T00:00:00
db: NVD, id: CVE-2022-20820, date: 2023-11-07T03:43:02.703

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405373, date: 2022-08-10T00:00:00
db: JVNDB, id: JVNDB-2022-016751, date: 2023-10-06T00:00:00
db: CNNVD, id: CNNVD-202208-2099, date: 2022-08-03T00:00:00
db: NVD, id: CVE-2022-20820, date: 2022-08-10T09:15:08.477