First published: Thu Jun 18 2020(Updated: )
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings | <40.4.12 | |
Cisco Webex Meetings | =40.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-3347 is a vulnerability in Cisco Webex Meetings Desktop App for Windows that could allow an authenticated local attacker to gain access to sensitive information on an affected system.
CVE-2020-3347 could allow an attacker with local access to the system to gain access to sensitive information.
CVE-2020-3347 has a severity rating of 5.5 (medium).
The affected software of CVE-2020-3347 is Cisco Webex Meetings Desktop App for Windows version 40.4.12 and version 40.6.0.
To fix CVE-2020-3347, it is recommended to update to the latest version of Cisco Webex Meetings Desktop App for Windows.