First published: Wed Sep 23 2020(Updated: )
A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this vulnerability by sending a user a malicious UCF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit would cause the application to quit unexpectedly.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings Online | =1.3.43 | |
Cisco WebEx Meetings Server | =4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-3116 is a vulnerability in Cisco Webex applications that allows an attacker to cause a denial of service (DoS) condition.
CVE-2020-3116 occurs due to insufficient validation of Universal Communications Format (UCF) media files in Cisco Webex applications.
Cisco Webex Meetings Online version 1.3.43 and Cisco WebEx Meetings Server version 4.0 are affected by CVE-2020-3116.
CVE-2020-3116 has a severity rating of medium, with a CVSS score of 5.5.
To fix CVE-2020-3116, users should update to the latest version of Cisco Webex Meetings Online or Cisco WebEx Meetings Server.