First published: Sun Jan 26 2020(Updated: )
A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Teams | <=3.0.13131 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-3131 is a vulnerability in the Cisco Webex Teams client for Windows that could allow an authenticated remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition.
An authenticated remote attacker with a valid developer account can exploit CVE-2020-3131.
CVE-2020-3131 has a severity rating of 6.5 (Medium).
The Cisco Webex Teams client for Windows version 3.0.13131 is affected by CVE-2020-3131.
To fix CVE-2020-3131, it is recommended to update the Cisco Webex Teams client for Windows to a version that addresses the vulnerability.