First published: Mon Aug 17 2020(Updated: )
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for the creation of scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to create a scheduled meeting template. A successful exploit could allow the attacker to create a scheduled meeting template that would belong to a user other than themselves.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings Online | <40.7.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-3412.
CVE-2020-3412 has a severity level of medium (4.3).
This vulnerability allows an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization.
Cisco Webex Meetings Online up to version 40.7.0 is affected by CVE-2020-3412.
Yes, Cisco has released a security advisory with recommended mitigations to address CVE-2020-3412. Please refer to the advisory for more details.