First published: Mon Aug 17 2020
A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings Online | <40.7.0 | |
CVE-2020-3472 is a vulnerability in the contacts feature of Cisco Webex Meetings that could allow an authenticated remote attacker to access sensitive information.
CVE-2020-3472 allows an authenticated remote attacker with a legitimate user account to access sensitive information in Cisco Webex Meetings.
CVE-2020-3472 has a severity rating of medium.
To fix CVE-2020-3472, users should update Cisco Webex Meetings to version 40.7.0 or later.
More information about CVE-2020-3472 is available in the [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-mAkmV4qc).