CWE
863 200
Advisory Published
Updated

CVE-2020-3472: Cisco Webex Meetings User Email Address Information Disclosure Vulnerability

First published: Mon Aug 17 2020(Updated: )

A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses.

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco Webex Meetings Online<40.7.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2020-3472?

    CVE-2020-3472 is a vulnerability in the contacts feature of Cisco Webex Meetings that could allow an authenticated remote attacker to access sensitive information.

  • How does CVE-2020-3472 impact Cisco Webex Meetings?

    CVE-2020-3472 allows an authenticated remote attacker with a legitimate user account to access sensitive information in Cisco Webex Meetings.

  • What is the severity of CVE-2020-3472?

    CVE-2020-3472 has a severity rating of medium.

  • How do I fix CVE-2020-3472?

    To fix CVE-2020-3472, users should update Cisco Webex Meetings to version 40.7.0 or later.

  • Are there any references for CVE-2020-3472?

    Yes, you can find more information about CVE-2020-3472 at the following link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-mAkmV4qc).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203