First published: Mon Aug 17 2020(Updated: )
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for requests to delete scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to delete a scheduled meeting template. A successful exploit could allow the attacker to delete a scheduled meeting template that belongs to a user other than themselves.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings Online | <40.7.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Cisco Webex Meetings vulnerability is CVE-2020-3413.
The severity level of CVE-2020-3413 is medium with a CVSS score of 4.3.
CVE-2020-3413 affects Cisco Webex Meetings by allowing an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user within the organization.
The affected software for CVE-2020-3413 is Cisco Webex Meetings Online version up to 40.7.0.
Yes, Cisco has released a security advisory with mitigation measures for CVE-2020-3413. Please refer to the provided reference link for more information.