What is CVE-2020-3472?

CVE-2020-3472 is a vulnerability in the contacts feature of Cisco Webex Meetings that could allow an authenticated remote attacker to access sensitive information.

What is the severity of CVE-2020-3472?

CVE-2020-3472 has a severity rating of medium.

How do I fix CVE-2020-3472?

To fix CVE-2020-3472, users should update Cisco Webex Meetings to version 40.7.0 or later.

Are there any references for CVE-2020-3472?

Yes, you can find more information about CVE-2020-3472 at the following link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-mAkmV4qc).

Vulnerability/
CVE-2020-3472

medium

CWE

863 200

17/8/2020

16/9/2024

CVE-2020-3472: Cisco Webex Meetings User Email Address Information Disclosure Vulnerability

Q: How does CVE-2020-3472 impact Cisco Webex Meetings?

CVE-2020-3472 allows an authenticated remote attacker with a legitimate user account to access sensitive information in Cisco Webex Meetings.

First published: Mon Aug 17 2020(Updated: )

A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Webex Meetings Online	<40.7.0

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-mAkmV4qc

Frequently Asked Questions

What is CVE-2020-3472?
CVE-2020-3472 is a vulnerability in the contacts feature of Cisco Webex Meetings that could allow an authenticated remote attacker to access sensitive information.
How does CVE-2020-3472 impact Cisco Webex Meetings?
CVE-2020-3472 allows an authenticated remote attacker with a legitimate user account to access sensitive information in Cisco Webex Meetings.
What is the severity of CVE-2020-3472?
CVE-2020-3472 has a severity rating of medium.
How do I fix CVE-2020-3472?
To fix CVE-2020-3472, users should update Cisco Webex Meetings to version 40.7.0 or later.
Are there any references for CVE-2020-3472?
Yes, you can find more information about CVE-2020-3472 at the following link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-mAkmV4qc).

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/title
agent/author
agent/references
agent/tags
agent/description
agent/event
agent/first-publish-date
vendor/cisco
canonical/cisco webex meetings online

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.