Details of VAR-202209-0491

ID

VAR-202209-0491

CVE

CVE-2022-20863

TITLE

Cisco Systems Cisco Webex Teams Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018491

DESCRIPTION

A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application interface. A successful exploit could allow the attacker to modify the display of links or other content within the interface, potentially allowing the attacker to conduct phishing or spoofing attacks. Cisco Systems Cisco Webex Teams Exists in unspecified vulnerabilities.Information may be tampered with

Trust: 1.8

sources: NVD: CVE-2022-20863 // JVNDB: JVNDB-2022-018491 // VULHUB: VHN-405416 // VULMON: CVE-2022-20863

AFFECTED PRODUCTS

vendor:	cisco	model:	webex teams	scope:	lt	version:	42.7	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco webex teams	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex teams	scope:	eq	version:	42.7	Trust: 0.8

sources: JVNDB: JVNDB-2022-018491 // NVD: CVE-2022-20863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20863
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20863
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20863
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202209-422
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-20863
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20863
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20863
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018491 // CNNVD: CNNVD-202209-422 // NVD: CVE-2022-20863 // NVD: CVE-2022-20863

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-450	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018491 // NVD: CVE-2022-20863

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-422

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-422

PATCH

title:	cisco-sa-webex-app-qrtO6YC2	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-qrtO6YC2	Trust: 0.8
title:	Cisco Webex Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206757	Trust: 0.6
title:	Cisco: Cisco Webex Meetings App Character Interface Manipulation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-app-qrtO6YC2	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2022/09/08/cisco_routers_vulnerability/	Trust: 0.1

sources: VULMON: CVE-2022-20863 // JVNDB: JVNDB-2022-018491 // CNNVD: CNNVD-202209-422

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20863	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-018491	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.4441	Trust: 0.6
db:	CNNVD	id:	CNNVD-202209-422	Trust: 0.6
db:	VULHUB	id:	VHN-405416	Trust: 0.1
db:	VULMON	id:	CVE-2022-20863	Trust: 0.1

sources: VULHUB: VHN-405416 // VULMON: CVE-2022-20863 // JVNDB: JVNDB-2022-018491 // CNNVD: CNNVD-202209-422 // NVD: CVE-2022-20863

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-app-qrto6yc2	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20863	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.4441	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-20863/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-405416 // VULMON: CVE-2022-20863 // JVNDB: JVNDB-2022-018491 // CNNVD: CNNVD-202209-422 // NVD: CVE-2022-20863

SOURCES

db:	VULHUB	id:	VHN-405416
db:	VULMON	id:	CVE-2022-20863
db:	JVNDB	id:	JVNDB-2022-018491
db:	CNNVD	id:	CNNVD-202209-422
db:	NVD	id:	CVE-2022-20863

LAST UPDATE DATE

2024-08-14T14:24:32.028000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405416	date:	2022-09-13T00:00:00
db:	VULMON	id:	CVE-2022-20863	date:	2022-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-018491	date:	2023-10-20T03:13:00
db:	CNNVD	id:	CNNVD-202209-422	date:	2022-09-14T00:00:00
db:	NVD	id:	CVE-2022-20863	date:	2023-11-07T03:43:09.390

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405416	date:	2022-09-08T00:00:00
db:	VULMON	id:	CVE-2022-20863	date:	2022-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-018491	date:	2023-10-20T00:00:00
db:	CNNVD	id:	CNNVD-202209-422	date:	2022-09-07T00:00:00
db:	NVD	id:	CVE-2022-20863	date:	2022-09-08T13:15:08.930