FKIE_CVE-2024-20395

Vulnerability from fkie_nvd - Published: 2024-07-17 17:15 - Updated: 2025-07-31 16:04
Severity ?
6.4 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
7.3 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.
References
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8jVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8jVendor Advisory
Impacted products
Vendor Product Version
cisco webex_teams 3.0.13464.0
cisco webex_teams 3.0.13538.0
cisco webex_teams 3.0.13588.0
cisco webex_teams 3.0.14154.0
cisco webex_teams 3.0.14234.0
cisco webex_teams 3.0.14375.0
cisco webex_teams 3.0.14741.0
cisco webex_teams 3.0.14866.0
cisco webex_teams 3.0.15015.0
cisco webex_teams 3.0.15036.0
cisco webex_teams 3.0.15092.0
cisco webex_teams 3.0.15131.0
cisco webex_teams 3.0.15164.0
cisco webex_teams 3.0.15221.0
cisco webex_teams 3.0.15333.0
cisco webex_teams 3.0.15410.0
cisco webex_teams 3.0.15485.0
cisco webex_teams 3.0.15645.0
cisco webex_teams 3.0.15711.0
cisco webex_teams 3.0.16040.0
cisco webex_teams 3.0.16269.0
cisco webex_teams 3.0.16273.0
cisco webex_teams 3.0.16285.0
cisco webex_teams 4.0
cisco webex_teams 4.1
cisco webex_teams 4.1.57
cisco webex_teams 4.1.92
cisco webex_teams 4.2
cisco webex_teams 4.2.42
cisco webex_teams 4.2.75
cisco webex_teams 4.3
cisco webex_teams 4.4
cisco webex_teams 4.5
cisco webex_teams 4.5.224
cisco webex_teams 4.6
cisco webex_teams 4.6.197
cisco webex_teams 4.7.78
cisco webex_teams 4.8
cisco webex_teams 4.8.170
cisco webex_teams 4.9
cisco webex_teams 4.9.205
cisco webex_teams 4.9.252
cisco webex_teams 4.9.269
cisco webex_teams 4.10
cisco webex_teams 4.10.343
cisco webex_teams 4.11.211
cisco webex_teams 4.12
cisco webex_teams 4.12.236
cisco webex_teams 4.13
cisco webex_teams 4.13.200
cisco webex_teams 4.14
cisco webex_teams 4.15
cisco webex_teams 4.16
cisco webex_teams 4.17
cisco webex_teams 4.18
cisco webex_teams 4.19
cisco webex_teams 4.20
cisco webex_teams 42.1.0.169
cisco webex_teams 42.1.0.2219
cisco webex_teams 42.1.0.21190
cisco webex_teams 42.2
cisco webex_teams 42.2.0.21338
cisco webex_teams 42.2.0.21486
cisco webex_teams 42.3
cisco webex_teams 42.3.0.21576
cisco webex_teams 42.4.1.22032
cisco webex_teams 42.5.0.22259
cisco webex_teams 42.6
cisco webex_teams 42.6.0.22565
cisco webex_teams 42.6.0.22645
cisco webex_teams 42.7
cisco webex_teams 42.7.0.22904
cisco webex_teams 42.7.0.23054
cisco webex_teams 42.8
cisco webex_teams 42.8.0.23214
cisco webex_teams 42.8.0.23281
cisco webex_teams 42.9
cisco webex_teams 42.9.0.23494
cisco webex_teams 42.10
cisco webex_teams 42.10.0.23814
cisco webex_teams 42.10.0.24000
cisco webex_teams 42.11
cisco webex_teams 42.11.0.24187
cisco webex_teams 42.12
cisco webex_teams 42.12.0.24485
cisco webex_teams 43.1
cisco webex_teams 43.1.0.24716
cisco webex_teams 43.2
cisco webex_teams 43.2.0.25157
cisco webex_teams 43.2.0.25211
cisco webex_teams 43.3
cisco webex_teams 43.3.0.25468
cisco webex_teams 43.4
cisco webex_teams 43.4.0.25788
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.13464.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "A0731376-1EF1-4361-89D9-6B2C0B64370E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.13538.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "8289243E-6CEC-43EC-B65C-9EA5E909D951",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.13588.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "F25EF33F-1164-4A67-B60B-EB6467DE9D9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.14154.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "C66338FC-7D39-459A-A42B-E26E9181C436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.14234.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "8C1AAA94-BE6C-4092-8770-F2F646B79E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.14375.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "FA788BAC-1DC0-42E4-BA10-2A89934E84F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.14741.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "A6DDBEE5-D11F-4BFF-9A5C-028407FBAA45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.14866.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "4499D4FB-FC7C-4974-8343-57B2CAE63136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.15015.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "E7CA0AAA-E188-4750-81B1-39B191551FA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.15036.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "90657271-CDE4-4BCE-9382-0CF7A93B97D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.15092.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "9E2928B4-6CA9-4CB4-9AAB-036974746EC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.15131.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "5134AE77-8890-422F-8328-0676FB4D863C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.15164.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "B72A2ADC-98EE-4EE2-8EDD-8D24432526AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.15221.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "FB34AF13-AACA-450A-B55B-91D87AE36453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.15333.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "50B3FEE3-C3F2-4134-931F-CAD806F87156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.15410.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "4E2C3B35-124E-45B7-9EBC-EF1507CAAEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.15485.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "6483C20E-E95D-443E-9C0E-8FFA0A54292D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.15645.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "AA1D8B71-94F1-438B-98FD-2F7A17CF7663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.15711.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "FC5DC5E2-4FAB-4C7C-915F-0310A85A90B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.16040.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "33A4716E-0A8E-450C-8A23-99EC4818CA8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.16269.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "FFD800A7-5E0A-463D-95F8-543DBECCCB74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.16273.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "57EBA9CF-6588-40D1-BF98-A3189E0BD8AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:3.0.16285.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "44405865-5EE6-4AFE-BE55-ED149A614C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.0:*:*:*:*:-:*:*",
              "matchCriteriaId": "884A4E78-54EE-49F1-B414-D67498B61015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.1:*:*:*:*:-:*:*",
              "matchCriteriaId": "541722A6-CA34-4999-891C-9245F9958F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.1.57:*:*:*:*:-:*:*",
              "matchCriteriaId": "607A5868-98E7-4693-9E86-EBD48764A06C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.1.92:*:*:*:*:-:*:*",
              "matchCriteriaId": "6538CBC9-0BFA-4DB3-A754-3B770E3230CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.2:*:*:*:*:-:*:*",
              "matchCriteriaId": "F6030AFD-E170-42E2-9C13-588AA08BE560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.2.42:*:*:*:*:-:*:*",
              "matchCriteriaId": "DDCAF3B6-251B-4468-9A84-8E7204EFE065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.2.75:*:*:*:*:-:*:*",
              "matchCriteriaId": "0547F801-29FE-4AB5-AA6B-478920062928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.3:*:*:*:*:-:*:*",
              "matchCriteriaId": "4753283B-14DA-42A8-8577-084067645E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.4:*:*:*:*:-:*:*",
              "matchCriteriaId": "D1E4DAE5-03B4-409F-B1F0-D325F7743063",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.5:*:*:*:*:-:*:*",
              "matchCriteriaId": "BB84CCC7-0BA0-4FDE-A8B9-0C83967D1769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.5.224:*:*:*:*:-:*:*",
              "matchCriteriaId": "4027766A-85CF-4BF7-9FEA-04DED535DBD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.6:*:*:*:*:-:*:*",
              "matchCriteriaId": "7F114421-1DA7-47F6-A3B1-9B739B3B78ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.6.197:*:*:*:*:-:*:*",
              "matchCriteriaId": "CEA1CE45-C406-45DD-AEEE-5E5FE4C52091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.7.78:*:*:*:*:-:*:*",
              "matchCriteriaId": "1F5891B7-C9FA-4BF6-BC5D-D2CFC8A28CE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.8:*:*:*:*:-:*:*",
              "matchCriteriaId": "831FC631-4D0D-424A-A743-E0EF2240853D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.8.170:*:*:*:*:-:*:*",
              "matchCriteriaId": "CB1D62ED-0FB0-423B-AB3A-ECBBCE1D750E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.9:*:*:*:*:-:*:*",
              "matchCriteriaId": "451837E9-1C00-4AEE-9CBA-0BCD62F10EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.9.205:*:*:*:*:-:*:*",
              "matchCriteriaId": "89E775E8-CF8E-412E-91FB-FE4FBE4E8875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.9.252:*:*:*:*:-:*:*",
              "matchCriteriaId": "DF746917-7BD5-4111-86FA-E3A7C66B7D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.9.269:*:*:*:*:-:*:*",
              "matchCriteriaId": "FD2EFE51-A37B-431B-BB7D-F61F42F66513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.10:*:*:*:*:-:*:*",
              "matchCriteriaId": "82F843BE-035F-41DE-B875-96412D40E633",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.10.343:*:*:*:*:-:*:*",
              "matchCriteriaId": "34AEDBA9-436A-4FFF-B32E-4D8EEE07E1E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.11.211:*:*:*:*:-:*:*",
              "matchCriteriaId": "17C5AF29-BCDB-47F5-A33A-121D8709D1DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.12:*:*:*:*:-:*:*",
              "matchCriteriaId": "C0F8C917-86F7-41B4-8952-EE60F39705FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.12.236:*:*:*:*:-:*:*",
              "matchCriteriaId": "B87F5E8E-0B62-4F44-968C-848C8844911C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.13:*:*:*:*:-:*:*",
              "matchCriteriaId": "4F9169C8-D677-4550-BB1D-661BCE66A6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.13.200:*:*:*:*:-:*:*",
              "matchCriteriaId": "5751F200-C070-4F38-9A49-CD0C81890663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.14:*:*:*:*:-:*:*",
              "matchCriteriaId": "C9E2FE4F-2A69-4516-A507-5E0804186D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.15:*:*:*:*:-:*:*",
              "matchCriteriaId": "8FA482C9-BEA4-4CB3-9FA0-7F49F9994817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.16:*:*:*:*:-:*:*",
              "matchCriteriaId": "D43460DB-12F9-44CA-8F2B-043C0BA90462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.17:*:*:*:*:-:*:*",
              "matchCriteriaId": "F52C9271-5B79-4AA2-B0BD-1920A746C874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.18:*:*:*:*:-:*:*",
              "matchCriteriaId": "BDE335B1-47B3-4B6A-9348-4C09F638F6D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.19:*:*:*:*:-:*:*",
              "matchCriteriaId": "0FD7D1F8-DAC9-4A82-ADCF-1B28B036A097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:4.20:*:*:*:*:-:*:*",
              "matchCriteriaId": "2B28E8FB-339C-47BE-A0ED-F499C50F0F19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.1.0.169:*:*:*:*:-:*:*",
              "matchCriteriaId": "7C8BB483-0BB1-4415-8DE3-0817AD0F05C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.1.0.2219:*:*:*:*:-:*:*",
              "matchCriteriaId": "08FA3F4E-1DD9-40CA-82FB-42B3451CB50E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.1.0.21190:*:*:*:*:-:*:*",
              "matchCriteriaId": "BDC16500-BE29-4F48-B10F-CF1A5E5170BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.2:*:*:*:*:-:*:*",
              "matchCriteriaId": "8482BEDC-AA74-4DA4-919E-0A4F57551F60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.2.0.21338:*:*:*:*:-:*:*",
              "matchCriteriaId": "DC462FE6-D300-4A60-9A39-366420CA2930",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.2.0.21486:*:*:*:*:-:*:*",
              "matchCriteriaId": "A3C5E73E-6AFE-4A40-920A-7C511477AAC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.3:*:*:*:*:-:*:*",
              "matchCriteriaId": "27A08866-6C64-41CF-A228-F838CF3A0370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.3.0.21576:*:*:*:*:-:*:*",
              "matchCriteriaId": "8671E430-9610-475B-A42B-23D9B389531F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.4.1.22032:*:*:*:*:-:*:*",
              "matchCriteriaId": "B6C446D7-7700-448A-B9CE-99F8E4E5D119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.5.0.22259:*:*:*:*:-:*:*",
              "matchCriteriaId": "6A5BBD96-10D5-4E7D-92D5-924C87146450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.6:*:*:*:*:-:*:*",
              "matchCriteriaId": "7494FC8F-E36D-49D3-8BCB-F51C14B125CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.6.0.22565:*:*:*:*:-:*:*",
              "matchCriteriaId": "0933FFB3-20B9-4911-868B-27A6ACBE1E74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.6.0.22645:*:*:*:*:-:*:*",
              "matchCriteriaId": "9BFA48AE-1685-407B-8917-7F277657D3D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.7:*:*:*:*:-:*:*",
              "matchCriteriaId": "501BAD21-7B5E-4E7D-8CC7-86828124AF5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.7.0.22904:*:*:*:*:-:*:*",
              "matchCriteriaId": "61DAC3AC-AE37-43C3-B65C-CC513E90E069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.7.0.23054:*:*:*:*:-:*:*",
              "matchCriteriaId": "DC18AF9B-AC2F-4183-8021-BF08026FA33B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.8:*:*:*:*:-:*:*",
              "matchCriteriaId": "EF1964F5-CCEC-4D0C-94D1-3F83726CB5A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.8.0.23214:*:*:*:*:-:*:*",
              "matchCriteriaId": "798FCD25-77F4-4625-91D5-E1BBE353B7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.8.0.23281:*:*:*:*:-:*:*",
              "matchCriteriaId": "CF286711-7D09-4125-BDCE-6FCC520A54B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.9:*:*:*:*:-:*:*",
              "matchCriteriaId": "01ED5949-173F-42A6-A0B0-67C47125F966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.9.0.23494:*:*:*:*:-:*:*",
              "matchCriteriaId": "1EB7D461-BFF7-4D4A-A6B4-BCF290379076",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.10:*:*:*:*:-:*:*",
              "matchCriteriaId": "2C29410E-7B91-40DC-8AD2-C30A9162E822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.10.0.23814:*:*:*:*:-:*:*",
              "matchCriteriaId": "E4B6854B-7843-4FBF-81AA-ABA6145F8458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.10.0.24000:*:*:*:*:-:*:*",
              "matchCriteriaId": "16D9C9E7-98B3-4A6A-AC48-F8E7C18CA1FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.11:*:*:*:*:-:*:*",
              "matchCriteriaId": "573337DC-A95D-4720-9637-3BE590410FCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.11.0.24187:*:*:*:*:-:*:*",
              "matchCriteriaId": "1C54D0AC-F9EC-4FA7-9BA6-6DBDC3743C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.12:*:*:*:*:-:*:*",
              "matchCriteriaId": "CF2E05E2-B6B6-419D-BE2F-BFB743EFB619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:42.12.0.24485:*:*:*:*:-:*:*",
              "matchCriteriaId": "5FB14348-E1EE-43E6-A66E-23B78E805DFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:43.1:*:*:*:*:-:*:*",
              "matchCriteriaId": "97A7514D-3BEF-4895-B313-E38D0EA4ABCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:43.1.0.24716:*:*:*:*:-:*:*",
              "matchCriteriaId": "F0AA0F07-C8DF-4AC1-8799-0D2612FA65E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:43.2:*:*:*:*:-:*:*",
              "matchCriteriaId": "0BF47256-96E9-46C3-BCA0-80A0A0077AF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:43.2.0.25157:*:*:*:*:-:*:*",
              "matchCriteriaId": "EAC1AE74-F875-4161-95A3-102E5AC35015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:43.2.0.25211:*:*:*:*:-:*:*",
              "matchCriteriaId": "60571D58-E948-4F17-9A9B-7F853D85C995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:43.3:*:*:*:*:-:*:*",
              "matchCriteriaId": "4B33A187-3E22-4A56-8E3D-6AB7218099A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:43.3.0.25468:*:*:*:*:-:*:*",
              "matchCriteriaId": "5356285B-A3C2-45D2-BE88-41B3F27DD294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:43.4:*:*:*:*:-:*:*",
              "matchCriteriaId": "19D33A9F-0EF2-4CB2-B085-AFB46DBBE4F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_teams:43.4.0.25788:*:*:*:*:-:*:*",
              "matchCriteriaId": "ED47DCB3-FABB-4AAE-A565-09A13693E5F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.\r\n\r This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad de recuperaci\u00f3n de medios de la aplicaci\u00f3n Cisco Webex podr\u00eda permitir que un atacante adyacente no autenticado obtenga acceso a informaci\u00f3n confidencial de la sesi\u00f3n. Esta vulnerabilidad se debe a la transmisi\u00f3n insegura de solicitudes a servicios de backend cuando la aplicaci\u00f3n accede a medios integrados, como im\u00e1genes. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un mensaje con medios integrados almacenados en un servidor de mensajer\u00eda a un usuario objetivo. Si el atacante puede observar el tr\u00e1fico transmitido en una posici\u00f3n privilegiada de la red, una explotaci\u00f3n exitosa podr\u00eda permitirle capturar informaci\u00f3n del token de sesi\u00f3n de solicitudes transmitidas de manera insegura y posiblemente reutilizar la informaci\u00f3n de la sesi\u00f3n capturada para tomar acciones adicionales como el usuario objetivo."
    }
  ],
  "id": "CVE-2024-20395",
  "lastModified": "2025-07-31T16:04:57.460",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-17T17:15:12.833",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-523"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.