All the vulnerabilites related to Cisco - Cisco Webex Teams
cve-2024-20395
Vulnerability from cvelistv5
Published
2024-07-17 16:32
Modified
2024-08-01 21:59
Summary
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.
Impacted products
CiscoCisco Webex Teams
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:webex_teams:3.0.13464.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.13538.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.13588.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.14154.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.14234.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.14375.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.14741.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.14866.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15015.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15036.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15092.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15131.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15164.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15221.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15333.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15410.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15485.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15645.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.15711.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.16040.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.16269.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.16273.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:3.0.16285.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.10:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.12:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.13:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.14:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.15:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.16:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.17:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.18:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.19:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.20:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.9:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.1.57:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.1.92:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.10.343:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.11.211:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.12.236:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.13.200:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.2.42:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.2.75:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.5.224:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.6.197:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.7.78:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.8.170:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.9.205:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.9.252:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:4.9.269:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.1.0.169:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.1.0.21190:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.1.0.2219:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.10:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.10.0.23814:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.10.0.24000:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.11:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.11.0.24187:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.12:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.12.0.24485:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.2.0.21338:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.2.0.21486:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.3.0.21576:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.4.1.22032:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.5.0.22259:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.6.0.22565:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.6.0.22645:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.7:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.7.0.22904:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.7.0.23054:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.8.0.23214:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.8.0.23281:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.9:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:42.9.0.23494:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.1.0.24716:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.2.0.25157:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.2.0.25211:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.3.0.25468:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:webex_teams:43.4.0.25788:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "webex_teams",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "3.0.13464.0"
              },
              {
                "status": "affected",
                "version": "3.0.13538.0"
              },
              {
                "status": "affected",
                "version": "3.0.13588.0"
              },
              {
                "status": "affected",
                "version": "3.0.14154.0"
              },
              {
                "status": "affected",
                "version": "3.0.14234.0"
              },
              {
                "status": "affected",
                "version": "3.0.14375.0"
              },
              {
                "status": "affected",
                "version": "3.0.14741.0"
              },
              {
                "status": "affected",
                "version": "3.0.14866.0"
              },
              {
                "status": "affected",
                "version": "3.0.15015.0"
              },
              {
                "status": "affected",
                "version": "3.0.15036.0"
              },
              {
                "status": "affected",
                "version": "3.0.15092.0"
              },
              {
                "status": "affected",
                "version": "3.0.15131.0"
              },
              {
                "status": "affected",
                "version": "3.0.15164.0"
              },
              {
                "status": "affected",
                "version": "3.0.15221.0"
              },
              {
                "status": "affected",
                "version": "3.0.15333.0"
              },
              {
                "status": "affected",
                "version": "3.0.15410.0"
              },
              {
                "status": "affected",
                "version": "3.0.15485.0"
              },
              {
                "status": "affected",
                "version": "3.0.15645.0"
              },
              {
                "status": "affected",
                "version": "3.0.15711.0"
              },
              {
                "status": "affected",
                "version": "3.0.16040.0"
              },
              {
                "status": "affected",
                "version": "3.0.16269.0"
              },
              {
                "status": "affected",
                "version": "3.0.16273.0"
              },
              {
                "status": "affected",
                "version": "3.0.16285.0"
              },
              {
                "status": "affected",
                "version": "4.0"
              },
              {
                "status": "affected",
                "version": "4.1"
              },
              {
                "status": "affected",
                "version": "4.10"
              },
              {
                "status": "affected",
                "version": "4.12"
              },
              {
                "status": "affected",
                "version": "4.13"
              },
              {
                "status": "affected",
                "version": "4.14"
              },
              {
                "status": "affected",
                "version": "4.15"
              },
              {
                "status": "affected",
                "version": "4.16"
              },
              {
                "status": "affected",
                "version": "4.17"
              },
              {
                "status": "affected",
                "version": "4.18"
              },
              {
                "status": "affected",
                "version": "4.19"
              },
              {
                "status": "affected",
                "version": "4.2"
              },
              {
                "status": "affected",
                "version": "4.20"
              },
              {
                "status": "affected",
                "version": "4.3"
              },
              {
                "status": "affected",
                "version": "4.4"
              },
              {
                "status": "affected",
                "version": "4.5"
              },
              {
                "status": "affected",
                "version": "4.6"
              },
              {
                "status": "affected",
                "version": "4.8"
              },
              {
                "status": "affected",
                "version": "4.9"
              },
              {
                "status": "affected",
                "version": "4.1.57"
              },
              {
                "status": "affected",
                "version": "4.1.92"
              },
              {
                "status": "affected",
                "version": "4.10.343"
              },
              {
                "status": "affected",
                "version": "4.11.211"
              },
              {
                "status": "affected",
                "version": "4.12.236"
              },
              {
                "status": "affected",
                "version": "4.13.200"
              },
              {
                "status": "affected",
                "version": "4.2.42"
              },
              {
                "status": "affected",
                "version": "4.2.75"
              },
              {
                "status": "affected",
                "version": "4.5.224"
              },
              {
                "status": "affected",
                "version": "4.6.197"
              },
              {
                "status": "affected",
                "version": "4.7.78"
              },
              {
                "status": "affected",
                "version": "4.8.170"
              },
              {
                "status": "affected",
                "version": "4.9.205"
              },
              {
                "status": "affected",
                "version": "4.9.252"
              },
              {
                "status": "affected",
                "version": "4.9.269"
              },
              {
                "status": "affected",
                "version": "42.1.0.169"
              },
              {
                "status": "affected",
                "version": "42.1.0.21190"
              },
              {
                "status": "affected",
                "version": "42.1.0.2219"
              },
              {
                "status": "affected",
                "version": "42.10"
              },
              {
                "status": "affected",
                "version": "42.10.0.23814"
              },
              {
                "status": "affected",
                "version": "42.10.0.24000"
              },
              {
                "status": "affected",
                "version": "42.11"
              },
              {
                "status": "affected",
                "version": "42.11.0.24187"
              },
              {
                "status": "affected",
                "version": "42.12"
              },
              {
                "status": "affected",
                "version": "42.12.0.24485"
              },
              {
                "status": "affected",
                "version": "42.2"
              },
              {
                "status": "affected",
                "version": "42.2.0.21338"
              },
              {
                "status": "affected",
                "version": "42.2.0.21486"
              },
              {
                "status": "affected",
                "version": "42.3"
              },
              {
                "status": "affected",
                "version": "42.3.0.21576"
              },
              {
                "status": "affected",
                "version": "42.4.1.22032"
              },
              {
                "status": "affected",
                "version": "42.5.0.22259"
              },
              {
                "status": "affected",
                "version": "42.6"
              },
              {
                "status": "affected",
                "version": "42.6.0.22565"
              },
              {
                "status": "affected",
                "version": "42.6.0.22645"
              },
              {
                "status": "affected",
                "version": "42.7"
              },
              {
                "status": "affected",
                "version": "42.7.0.22904"
              },
              {
                "status": "affected",
                "version": "42.7.0.23054"
              },
              {
                "status": "affected",
                "version": "42.8"
              },
              {
                "status": "affected",
                "version": "42.8.0.23214"
              },
              {
                "status": "affected",
                "version": "42.8.0.23281"
              },
              {
                "status": "affected",
                "version": "42.9"
              },
              {
                "status": "affected",
                "version": "42.9.0.23494"
              },
              {
                "status": "affected",
                "version": "43.1"
              },
              {
                "status": "affected",
                "version": "43.1.0.24716"
              },
              {
                "status": "affected",
                "version": "43.2"
              },
              {
                "status": "affected",
                "version": "43.2.0.25157"
              },
              {
                "status": "affected",
                "version": "43.2.0.25211"
              },
              {
                "status": "affected",
                "version": "43.3"
              },
              {
                "status": "affected",
                "version": "43.3.0.25468"
              },
              {
                "status": "affected",
                "version": "43.4"
              },
              {
                "status": "affected",
                "version": "43.4.0.25788"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20395",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-18T03:55:23.962265Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-18T13:23:45.549Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.341Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-webex-app-ZjNm8X8j",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.13464.0"
            },
            {
              "status": "affected",
              "version": "3.0.13538.0"
            },
            {
              "status": "affected",
              "version": "3.0.13588.0"
            },
            {
              "status": "affected",
              "version": "3.0.14154.0"
            },
            {
              "status": "affected",
              "version": "3.0.14234.0"
            },
            {
              "status": "affected",
              "version": "3.0.14375.0"
            },
            {
              "status": "affected",
              "version": "3.0.14741.0"
            },
            {
              "status": "affected",
              "version": "3.0.14866.0"
            },
            {
              "status": "affected",
              "version": "3.0.15015.0"
            },
            {
              "status": "affected",
              "version": "3.0.15036.0"
            },
            {
              "status": "affected",
              "version": "3.0.15092.0"
            },
            {
              "status": "affected",
              "version": "3.0.15131.0"
            },
            {
              "status": "affected",
              "version": "3.0.15164.0"
            },
            {
              "status": "affected",
              "version": "3.0.15221.0"
            },
            {
              "status": "affected",
              "version": "3.0.15333.0"
            },
            {
              "status": "affected",
              "version": "3.0.15410.0"
            },
            {
              "status": "affected",
              "version": "3.0.15485.0"
            },
            {
              "status": "affected",
              "version": "3.0.15645.0"
            },
            {
              "status": "affected",
              "version": "3.0.15711.0"
            },
            {
              "status": "affected",
              "version": "3.0.16040.0"
            },
            {
              "status": "affected",
              "version": "3.0.16269.0"
            },
            {
              "status": "affected",
              "version": "3.0.16273.0"
            },
            {
              "status": "affected",
              "version": "3.0.16285.0"
            },
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "status": "affected",
              "version": "4.13"
            },
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "status": "affected",
              "version": "4.4"
            },
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "status": "affected",
              "version": "4.1.57"
            },
            {
              "status": "affected",
              "version": "4.1.92"
            },
            {
              "status": "affected",
              "version": "4.10.343"
            },
            {
              "status": "affected",
              "version": "4.11.211"
            },
            {
              "status": "affected",
              "version": "4.12.236"
            },
            {
              "status": "affected",
              "version": "4.13.200"
            },
            {
              "status": "affected",
              "version": "4.2.42"
            },
            {
              "status": "affected",
              "version": "4.2.75"
            },
            {
              "status": "affected",
              "version": "4.5.224"
            },
            {
              "status": "affected",
              "version": "4.6.197"
            },
            {
              "status": "affected",
              "version": "4.7.78"
            },
            {
              "status": "affected",
              "version": "4.8.170"
            },
            {
              "status": "affected",
              "version": "4.9.205"
            },
            {
              "status": "affected",
              "version": "4.9.252"
            },
            {
              "status": "affected",
              "version": "4.9.269"
            },
            {
              "status": "affected",
              "version": "42.1.0.169"
            },
            {
              "status": "affected",
              "version": "42.1.0.21190"
            },
            {
              "status": "affected",
              "version": "42.1.0.2219"
            },
            {
              "status": "affected",
              "version": "42.10"
            },
            {
              "status": "affected",
              "version": "42.10.0.23814"
            },
            {
              "status": "affected",
              "version": "42.10.0.24000"
            },
            {
              "status": "affected",
              "version": "42.11"
            },
            {
              "status": "affected",
              "version": "42.11.0.24187"
            },
            {
              "status": "affected",
              "version": "42.12"
            },
            {
              "status": "affected",
              "version": "42.12.0.24485"
            },
            {
              "status": "affected",
              "version": "42.2"
            },
            {
              "status": "affected",
              "version": "42.2.0.21338"
            },
            {
              "status": "affected",
              "version": "42.2.0.21486"
            },
            {
              "status": "affected",
              "version": "42.3"
            },
            {
              "status": "affected",
              "version": "42.3.0.21576"
            },
            {
              "status": "affected",
              "version": "42.4.1.22032"
            },
            {
              "status": "affected",
              "version": "42.5.0.22259"
            },
            {
              "status": "affected",
              "version": "42.6"
            },
            {
              "status": "affected",
              "version": "42.6.0.22565"
            },
            {
              "status": "affected",
              "version": "42.6.0.22645"
            },
            {
              "status": "affected",
              "version": "42.7"
            },
            {
              "status": "affected",
              "version": "42.7.0.22904"
            },
            {
              "status": "affected",
              "version": "42.7.0.23054"
            },
            {
              "status": "affected",
              "version": "42.8"
            },
            {
              "status": "affected",
              "version": "42.8.0.23214"
            },
            {
              "status": "affected",
              "version": "42.8.0.23281"
            },
            {
              "status": "affected",
              "version": "42.9"
            },
            {
              "status": "affected",
              "version": "42.9.0.23494"
            },
            {
              "status": "affected",
              "version": "43.1"
            },
            {
              "status": "affected",
              "version": "43.1.0.24716"
            },
            {
              "status": "affected",
              "version": "43.2"
            },
            {
              "status": "affected",
              "version": "43.2.0.25157"
            },
            {
              "status": "affected",
              "version": "43.2.0.25211"
            },
            {
              "status": "affected",
              "version": "43.3"
            },
            {
              "status": "affected",
              "version": "43.3.0.25468"
            },
            {
              "status": "affected",
              "version": "43.4"
            },
            {
              "status": "affected",
              "version": "43.4.0.25788"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.\r\n\r This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-523",
              "description": "Unprotected Transport of Credentials",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-17T16:32:07.102Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-webex-app-ZjNm8X8j",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
        }
      ],
      "source": {
        "advisory": "cisco-sa-webex-app-ZjNm8X8j",
        "defects": [
          "CSCwj36941",
          "CSCwj36943"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20395",
    "datePublished": "2024-07-17T16:32:07.102Z",
    "dateReserved": "2023-11-08T15:08:07.659Z",
    "dateUpdated": "2024-08-01T21:59:42.341Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0436
Vulnerability from cvelistv5
Published
2018-10-05 14:00
Modified
2024-09-16 19:31
Severity ?
Summary
Cisco Webex Teams Information Disclosure and Modification Vulnerability
Impacted products
CiscoCisco Webex Teams
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:09.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105301",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105301"
          },
          {
            "name": "20180905 Cisco Webex Teams Information Disclosure and Modification Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-07T09:57:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "105301",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105301"
        },
        {
          "name": "20180905 Cisco Webex Teams Information Disclosure and Modification Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20180905-webex-id-mod",
        "defect": [
          [
            "CSCvi68464"
          ]
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Cisco Webex Teams Information Disclosure and Modification Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
          "ID": "CVE-2018-0436",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Webex Teams Information Disclosure and Modification Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Webex Teams",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "8.7",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105301",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105301"
            },
            {
              "name": "20180905 Cisco Webex Teams Information Disclosure and Modification Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20180905-webex-id-mod",
          "defect": [
            [
              "CSCvi68464"
            ]
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0436",
    "datePublished": "2018-10-05T14:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-09-16T19:31:52.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-16001
Vulnerability from cvelistv5
Published
2019-11-26 03:41
Modified
2024-09-17 03:18
Summary
Cisco Webex Teams for Windows DLL Hijacking Vulnerability
Impacted products
CiscoCisco Webex Teams
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:03:32.710Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20191120 Cisco Webex Teams for Windows DLL Hijacking Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-teams-dll"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "n/a",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the vulnerable application is launched. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user account."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-26T03:41:26",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20191120 Cisco Webex Teams for Windows DLL Hijacking Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-teams-dll"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20191120-webex-teams-dll",
        "defect": [
          [
            "CSCvq87642"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Webex Teams for Windows DLL Hijacking Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-11-20T16:00:00-0800",
          "ID": "CVE-2019-16001",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Webex Teams for Windows DLL Hijacking Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Webex Teams",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the vulnerable application is launched. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user account."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20191120 Cisco Webex Teams for Windows DLL Hijacking Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-teams-dll"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20191120-webex-teams-dll",
          "defect": [
            [
              "CSCvq87642"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-16001",
    "datePublished": "2019-11-26T03:41:26.437971Z",
    "dateReserved": "2019-09-06T00:00:00",
    "dateUpdated": "2024-09-17T03:18:42.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1536
Vulnerability from cvelistv5
Published
2021-06-04 16:45
Modified
2024-11-07 22:09
Summary
Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability
Impacted products
CiscoCisco Webex Teams
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.697Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210602 Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-dll-inject-XNmcSGTU"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1536",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:41:47.180574Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T22:09:47.292Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-04T16:45:45",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210602 Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-dll-inject-XNmcSGTU"
        }
      ],
      "source": {
        "advisory": "cisco-sa-webex-dll-inject-XNmcSGTU",
        "defect": [
          [
            "CSCvw48667",
            "CSCvw79311",
            "CSCvw79321"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-06-02T16:00:00",
          "ID": "CVE-2021-1536",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Webex Teams",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.8",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210602 Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-dll-inject-XNmcSGTU"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-webex-dll-inject-XNmcSGTU",
          "defect": [
            [
              "CSCvw48667",
              "CSCvw79311",
              "CSCvw79321"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1536",
    "datePublished": "2021-06-04T16:45:45.378447Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-07T22:09:47.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20396
Vulnerability from cvelistv5
Published
2024-07-17 16:33
Modified
2024-08-01 21:59
Summary
A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests.
Impacted products
CiscoCisco Webex Teams
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20396",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T17:59:58.773024Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-17T18:00:53.060Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:41.785Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-webex-app-ZjNm8X8j",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.13464.0"
            },
            {
              "status": "affected",
              "version": "3.0.13538.0"
            },
            {
              "status": "affected",
              "version": "3.0.13588.0"
            },
            {
              "status": "affected",
              "version": "3.0.14154.0"
            },
            {
              "status": "affected",
              "version": "3.0.14234.0"
            },
            {
              "status": "affected",
              "version": "3.0.14375.0"
            },
            {
              "status": "affected",
              "version": "3.0.14741.0"
            },
            {
              "status": "affected",
              "version": "3.0.14866.0"
            },
            {
              "status": "affected",
              "version": "3.0.15015.0"
            },
            {
              "status": "affected",
              "version": "3.0.15036.0"
            },
            {
              "status": "affected",
              "version": "3.0.15092.0"
            },
            {
              "status": "affected",
              "version": "3.0.15131.0"
            },
            {
              "status": "affected",
              "version": "3.0.15164.0"
            },
            {
              "status": "affected",
              "version": "3.0.15221.0"
            },
            {
              "status": "affected",
              "version": "3.0.15333.0"
            },
            {
              "status": "affected",
              "version": "3.0.15410.0"
            },
            {
              "status": "affected",
              "version": "3.0.15485.0"
            },
            {
              "status": "affected",
              "version": "3.0.15645.0"
            },
            {
              "status": "affected",
              "version": "3.0.15711.0"
            },
            {
              "status": "affected",
              "version": "3.0.16040.0"
            },
            {
              "status": "affected",
              "version": "3.0.16269.0"
            },
            {
              "status": "affected",
              "version": "3.0.16273.0"
            },
            {
              "status": "affected",
              "version": "3.0.16285.0"
            },
            {
              "status": "affected",
              "version": "42.1.0.21190"
            },
            {
              "status": "affected",
              "version": "42.10.0.23814"
            },
            {
              "status": "affected",
              "version": "42.11.0.24187"
            },
            {
              "status": "affected",
              "version": "42.12.0.24485"
            },
            {
              "status": "affected",
              "version": "42.2.0.21338"
            },
            {
              "status": "affected",
              "version": "42.2.0.21486"
            },
            {
              "status": "affected",
              "version": "42.3.0.21576"
            },
            {
              "status": "affected",
              "version": "42.4.1.22032"
            },
            {
              "status": "affected",
              "version": "42.5.0.22259"
            },
            {
              "status": "affected",
              "version": "42.6.0.22565"
            },
            {
              "status": "affected",
              "version": "42.6.0.22645"
            },
            {
              "status": "affected",
              "version": "42.7.0.22904"
            },
            {
              "status": "affected",
              "version": "42.7.0.23054"
            },
            {
              "status": "affected",
              "version": "42.8.0.23214"
            },
            {
              "status": "affected",
              "version": "42.8.0.23281"
            },
            {
              "status": "affected",
              "version": "42.9.0.23494"
            },
            {
              "status": "affected",
              "version": "43.1.0.24716"
            },
            {
              "status": "affected",
              "version": "43.2.0.25157"
            },
            {
              "status": "affected",
              "version": "43.2.0.25211"
            },
            {
              "status": "affected",
              "version": "43.3.0.25468"
            },
            {
              "status": "affected",
              "version": "43.4.0.25788"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information.\r\n\r This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-17T16:33:55.108Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-webex-app-ZjNm8X8j",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
        }
      ],
      "source": {
        "advisory": "cisco-sa-webex-app-ZjNm8X8j",
        "defects": [
          "CSCwj36947"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20396",
    "datePublished": "2024-07-17T16:33:55.108Z",
    "dateReserved": "2023-11-08T15:08:07.660Z",
    "dateUpdated": "2024-08-01T21:59:41.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1939
Vulnerability from cvelistv5
Published
2019-09-05 01:25
Modified
2024-09-16 23:30
Summary
Cisco Webex Teams Logging Feature Command Execution Vulnerability
Impacted products
CiscoCisco Webex Teams
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:35:51.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190904 Cisco Webex Teams Logging Feature Command Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-webex-teams"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "3.0.12427.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-05T01:25:15",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190904 Cisco Webex Teams Logging Feature Command Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-webex-teams"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190904-webex-teams",
        "defect": [
          [
            "CSCvp30119"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Webex Teams Logging Feature Command Execution Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-09-04T16:00:00-0700",
          "ID": "CVE-2019-1939",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Webex Teams Logging Feature Command Execution Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Webex Teams",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "3.0.12427.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.5",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190904 Cisco Webex Teams Logging Feature Command Execution Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-webex-teams"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190904-webex-teams",
          "defect": [
            [
              "CSCvp30119"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1939",
    "datePublished": "2019-09-05T01:25:15.480898Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T23:30:51.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3131
Vulnerability from cvelistv5
Published
2020-01-26 04:31
Modified
2024-09-17 01:27
Summary
Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability
Impacted products
CiscoCisco Webex Teams
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:24:00.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200122 Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cards-dos-FWzNcXPq"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.13131"
            }
          ]
        }
      ],
      "datePublic": "2020-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user\u0027s client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-27T22:12:16",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200122 Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cards-dos-FWzNcXPq"
        }
      ],
      "source": {
        "advisory": "cisco-sa-webex-cards-dos-FWzNcXPq",
        "defect": [
          [
            "CSCvs25793"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-01-22T16:00:00-0800",
          "ID": "CVE-2020-3131",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Webex Teams",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "3.0.13131"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user\u0027s client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "6.5",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200122 Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cards-dos-FWzNcXPq"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-webex-cards-dos-FWzNcXPq",
          "defect": [
            [
              "CSCvs25793"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3131",
    "datePublished": "2020-01-26T04:31:32.320572Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-09-17T01:27:03.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1636
Vulnerability from cvelistv5
Published
2019-01-23 23:00
Modified
2024-09-16 17:09
Summary
Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability
Impacted products
CiscoCisco Webex Teams
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190123 Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams"
          },
          {
            "name": "106718",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106718"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-26T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190123 Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams"
        },
        {
          "name": "106718",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106718"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190123-webex-teams",
        "defect": [
          [
            "CSCvn02053"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-01-23T16:00:00-0800",
          "ID": "CVE-2019-1636",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Webex Teams",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.8",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190123 Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams"
            },
            {
              "name": "106718",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106718"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190123-webex-teams",
          "defect": [
            [
              "CSCvn02053"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1636",
    "datePublished": "2019-01-23T23:00:00Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-16T17:09:08.173Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20104
Vulnerability from cvelistv5
Published
2023-03-03 00:00
Modified
2024-10-25 16:03
Summary
Cisco Webex App for Web Cross-Site Scripting Vulnerability
Impacted products
CiscoCisco Webex Teams
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230301 Cisco Webex App for Web Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-Yn8HHsMJ"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20104",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:36:26.938361Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:03:19.632Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams ",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending an arbitrary file to a user and persuading that user to browse to a specific URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-03T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230301 Cisco Webex App for Web Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-Yn8HHsMJ"
        }
      ],
      "source": {
        "advisory": "cisco-sa-webex-xss-Yn8HHsMJ",
        "defect": [
          [
            "CSCwd96816"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Webex App for Web Cross-Site Scripting Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20104",
    "datePublished": "2023-03-03T00:00:00",
    "dateReserved": "2022-10-27T00:00:00",
    "dateUpdated": "2024-10-25T16:03:19.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1242
Vulnerability from cvelistv5
Published
2021-01-13 21:17
Modified
2024-09-16 19:51
Summary
Cisco Webex Teams Shared File Manipulation Vulnerability
Impacted products
CiscoCisco Webex Teams
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:02:56.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210113 Cisco Webex Teams Shared File Manipulation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-01-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-450",
              "description": "CWE-450",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-13T21:17:28",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210113 Cisco Webex Teams Shared File Manipulation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99"
        }
      ],
      "source": {
        "advisory": "cisco-sa-webex-teams-7ZMcXG99",
        "defect": [
          [
            "CSCvv74842"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Webex Teams Shared File Manipulation Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-01-13T16:00:00",
          "ID": "CVE-2021-1242",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Webex Teams Shared File Manipulation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Webex Teams",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-450"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210113 Cisco Webex Teams Shared File Manipulation Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-webex-teams-7ZMcXG99",
          "defect": [
            [
              "CSCvv74842"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1242",
    "datePublished": "2021-01-13T21:17:28.265054Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-09-16T19:51:47.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1689
Vulnerability from cvelistv5
Published
2019-02-25 18:00
Modified
2024-09-17 02:00
Summary
Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability
Impacted products
CiscoCisco Webex Teams
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:41.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190220 Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-webx-ios-file"
          },
          {
            "name": "107101",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107101"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "3.13.26920",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-02-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-26T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190220 Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-webx-ios-file"
        },
        {
          "name": "107101",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107101"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190220-webx-ios-file",
        "defect": [
          [
            "CSCvn16403"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-02-20T16:00:00-0800",
          "ID": "CVE-2019-1689",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Webex Teams",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "3.13.26920"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.3",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190220 Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-webx-ios-file"
            },
            {
              "name": "107101",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107101"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190220-webx-ios-file",
          "defect": [
            [
              "CSCvn16403"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1689",
    "datePublished": "2019-02-25T18:00:00Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-09-17T02:00:54.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3535
Vulnerability from cvelistv5
Published
2020-10-08 04:20
Modified
2024-09-17 00:16
Summary
Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability
Impacted products
CiscoCisco Webex Teams
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:37:55.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20201007 Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-dll-drsnH5AN"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Teams",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user\u0026rsquo;s account."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-08T04:20:20",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20201007 Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-dll-drsnH5AN"
        }
      ],
      "source": {
        "advisory": "cisco-sa-webex-teams-dll-drsnH5AN",
        "defect": [
          [
            "CSCvu86655"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-10-07T16:00:00",
          "ID": "CVE-2020-3535",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Webex Teams",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user\u0026rsquo;s account."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.8",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20201007 Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-dll-drsnH5AN"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-webex-teams-dll-drsnH5AN",
          "defect": [
            [
              "CSCvu86655"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3535",
    "datePublished": "2020-10-08T04:20:20.854559Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-09-17T00:16:12.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}