What is CVE-2020-3361?

CVE-2020-3361 is a vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server that allows an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site.

How does CVE-2020-3361 affect Cisco Webex Meetings and Cisco Webex Meetings Server?

CVE-2020-3361 affects Cisco Webex Meetings and Cisco Webex Meetings Server by allowing an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site.

What is the severity of CVE-2020-3361?

CVE-2020-3361 has a severity rating of 9.8 out of 10, which is considered critical.

How can an attacker exploit CVE-2020-3361?

An attacker can exploit CVE-2020-3361 by improperly handling authentication tokens to gain unauthorized access to a vulnerable Webex site.

Is there a fix for CVE-2020-3361?

Yes, Cisco has released a security advisory with recommendations and patches to address the vulnerability. Please refer to the provided reference for more information.

Vulnerability/
CVE-2020-3361

critical

9.8

CWE

287

18/6/2020

15/11/2024

CVE-2020-3361: Cisco Webex Meetings and Cisco Webex Meetings Server Token Handling Unauthorized Access Vulnerability

First published: Thu Jun 18 2020(Updated: )

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Webex Meetings	<=39.5.25
Cisco Webex Meetings	>=40.1.0<=40.4.10
Cisco Webex Meetings	=40.6.0
Cisco WebEx Meetings Server	<4.0
Cisco WebEx Meetings Server	=4.0
Cisco WebEx Meetings Server	=4.0-maintenance_release1
Cisco WebEx Meetings Server	=4.0-maintenance_release2
Cisco WebEx Meetings Server	=4.0-maintenance_release3

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-token-zPvEjKN

Frequently Asked Questions

What is CVE-2020-3361?
CVE-2020-3361 is a vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server that allows an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site.
How does CVE-2020-3361 affect Cisco Webex Meetings and Cisco Webex Meetings Server?
CVE-2020-3361 affects Cisco Webex Meetings and Cisco Webex Meetings Server by allowing an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site.
What is the severity of CVE-2020-3361?
CVE-2020-3361 has a severity rating of 9.8 out of 10, which is considered critical.
How can an attacker exploit CVE-2020-3361?
An attacker can exploit CVE-2020-3361 by improperly handling authentication tokens to gain unauthorized access to a vulnerable Webex site.
Is there a fix for CVE-2020-3361?
Yes, Cisco has released a security advisory with recommendations and patches to address the vulnerability. Please refer to the provided reference for more information.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/title
agent/author
agent/weakness
agent/references
agent/last-modified-date
agent/tags
agent/description
agent/first-publish-date
agent/softwarecombine
agent/event
vendor/cisco
canonical/cisco webex meetings
version/cisco webex meetings/39.5.25
version/cisco webex meetings/40.1.0
version/cisco webex meetings/40.4.10
version/cisco webex meetings/40.6.0
canonical/cisco webex meetings server
version/cisco webex meetings server/4.0
version/cisco webex meetings server/4.0-maintenance_release1
version/cisco webex meetings server/4.0-maintenance_release2
version/cisco webex meetings server/4.0-maintenance_release3