First published: Thu Jun 18 2020(Updated: )
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings | <=39.5.25 | |
Cisco Webex Meetings | >=40.1.0<=40.4.10 | |
Cisco Webex Meetings | =40.6.0 | |
Cisco WebEx Meetings Server | <4.0 | |
Cisco WebEx Meetings Server | =4.0 | |
Cisco WebEx Meetings Server | =4.0-maintenance_release1 | |
Cisco WebEx Meetings Server | =4.0-maintenance_release2 | |
Cisco WebEx Meetings Server | =4.0-maintenance_release3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-3361 is a vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server that allows an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site.
CVE-2020-3361 affects Cisco Webex Meetings and Cisco Webex Meetings Server by allowing an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site.
CVE-2020-3361 has a severity rating of 9.8 out of 10, which is considered critical.
An attacker can exploit CVE-2020-3361 by improperly handling authentication tokens to gain unauthorized access to a vulnerable Webex site.
Yes, Cisco has released a security advisory with recommendations and patches to address the vulnerability. Please refer to the provided reference for more information.