CVE-2020-3361: Cisco Webex Meetings and Cisco Webex Meetings Server Token Handling Unauthorized Access Vulnerability
First published: Thu Jun 18 2020(Updated: )
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Webex Meetings | <=39.5.25 | |
| Cisco Webex Meetings | >=40.1.0<=40.4.10 | |
| Cisco Webex Meetings | =40.6.0 | |
| Cisco WebEx Meetings Server | <4.0 | |
| Cisco WebEx Meetings Server | =4.0 | |
| Cisco WebEx Meetings Server | =4.0-maintenance_release1 | |
| Cisco WebEx Meetings Server | =4.0-maintenance_release2 | |
| Cisco WebEx Meetings Server | =4.0-maintenance_release3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3361?
CVE-2020-3361 is a vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server that allows an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site.
How does CVE-2020-3361 affect Cisco Webex Meetings and Cisco Webex Meetings Server?
CVE-2020-3361 affects Cisco Webex Meetings and Cisco Webex Meetings Server by allowing an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site.
What is the severity of CVE-2020-3361?
CVE-2020-3361 has a severity rating of 9.8 out of 10, which is considered critical.
How can an attacker exploit CVE-2020-3361?
An attacker can exploit CVE-2020-3361 by improperly handling authentication tokens to gain unauthorized access to a vulnerable Webex site.
Is there a fix for CVE-2020-3361?
Yes, Cisco has released a security advisory with recommendations and patches to address the vulnerability. Please refer to the provided reference for more information.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- vendor/cisco
- canonical/cisco webex meetings
- version/cisco webex meetings/39.5.25
- version/cisco webex meetings/40.1.0
- version/cisco webex meetings/40.4.10
- version/cisco webex meetings/40.6.0
- canonical/cisco webex meetings server
- version/cisco webex meetings server/4.0
- version/cisco webex meetings server/4.0-maintenance_release1
- version/cisco webex meetings server/4.0-maintenance_release2
- version/cisco webex meetings server/4.0-maintenance_release3