First published: Fri Sep 04 2020(Updated: )
A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings | <39.5.25 | |
Cisco Webex Meetings | <39.5.25 | |
Cisco Webex Meetings | >=40.6.0<40.6.6 | |
Cisco Webex Meetings | >=40.6.0<40.6.6 | |
Cisco Webex Teams | <3.0.15711.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-3541 is medium.
The vulnerability in Cisco Webex Meetings Client for Windows is due to unsafe logging.
Cisco Webex Meetings versions up to 39.5.25 and 40.6.0 to 40.6.6, Cisco Webex Teams version up to 3.0.15711.0 for Windows are affected by CVE-2020-3541.
An attacker can exploit CVE-2020-3541 by gaining access to sensitive information through the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows.
You can find more information about CVE-2020-3541 on the Cisco Security Advisory website.