First published: Thu Jul 16 2020
A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious web sites, or the attacker could leverage this vulnerability to conduct further client-side attacks.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings | <40.6.0 | |
Cisco WebEx Meetings Server | <=4.0 | |
Cisco WebEx Meetings Server | =4.0 | |
Cisco WebEx Meetings Server | =4.0-maintenance_release1 | |
Cisco WebEx Meetings Server | =4.0-maintenance_release2 | |
CVE-2020-3345 is a vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server that could allow an unauthenticated, remote attacker to modify a web page in the context of a browser.
The affected software includes Cisco Webex Meetings versions up to 40.6.0 and Cisco Webex Meetings Server versions up to 4.0-maintenance_release2.
CVE-2020-3345 has a severity rating of 4.3, which is considered medium.
An attacker can exploit CVE-2020-3345 by taking advantage of improper checks on parameter values within affected web pages.
You can find more information about CVE-2020-3345 on the Cisco Security Advisory page: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-html-BJ4Y9tX