CVE-2020-3419: Cisco Webex Meetings and Cisco Webex Meetings Server Ghost Join Vulnerability
First published: Wed Nov 18 2020(Updated: )
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Webex Meetings Server Software | <3.0 | |
| Cisco Webex Meetings Server Software | =3.0 | |
| Cisco Webex Meetings Server Software | =3.0-maintenance_release2 | |
| Cisco Webex Meetings Server Software | =3.0-maintenance_release3 | |
| Cisco Webex Meetings Server Software | =4.0 | |
| Cisco Webex Meetings Server Software | =4.0-maintenance_release1 | |
| Cisco Webex Meetings Server Software | =4.0-maintenance_release2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-3419?
CVE-2020-3419 has a medium severity rating, allowing unauthenticated users to join Webex meetings without appearing on the participant list.
How do I fix CVE-2020-3419?
To fix CVE-2020-3419, upgrade to the latest version of Cisco Webex Meetings Server that contains the necessary security patches.
Which versions of Cisco Webex Meetings Server are affected by CVE-2020-3419?
CVE-2020-3419 affects Cisco Webex Meetings Server versions 3.0 to 4.0, including maintenance releases.
Is CVE-2020-3419 an authenticated or unauthenticated vulnerability?
CVE-2020-3419 is an unauthenticated vulnerability, which allows attackers to exploit it without needing a user account.
What are the potential impacts of CVE-2020-3419?
The potential impact of CVE-2020-3419 includes unauthorized access to Webex meetings and potential exposure of sensitive information.
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/title
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco webex meetings server software
- version/cisco webex meetings server software/3.0
- version/cisco webex meetings server software/3.0-maintenance_release2
- version/cisco webex meetings server software/3.0-maintenance_release3
- version/cisco webex meetings server software/4.0
- version/cisco webex meetings server software/4.0-maintenance_release1
- version/cisco webex meetings server software/4.0-maintenance_release2