Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-28JG-69QR-J99G
Vulnerability from github – Published: 2024-07-17 18:31 – Updated: 2024-07-17 18:31
VLAI?
Details
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.
This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.
Severity ?
6.4 (Medium)
{
"affected": [],
"aliases": [
"CVE-2024-20395"
],
"database_specific": {
"cwe_ids": [
"CWE-523"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-17T17:15:12Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.\n\n This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.",
"id": "GHSA-28jg-69qr-j99g",
"modified": "2024-07-17T18:31:00Z",
"published": "2024-07-17T18:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20395"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
CVE-2024-20395 (GCVE-0-2024-20395)
Vulnerability from cvelistv5 – Published: 2024-07-17 16:32 – Updated: 2024-08-01 21:59
VLAI?
EPSS
Summary
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.
This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.
Severity ?
6.4 (Medium)
CWE
- CWE-523 - Unprotected Transport of Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Webex Teams |
Affected:
3.0.13464.0
Affected: 3.0.13538.0 Affected: 3.0.13588.0 Affected: 3.0.14154.0 Affected: 3.0.14234.0 Affected: 3.0.14375.0 Affected: 3.0.14741.0 Affected: 3.0.14866.0 Affected: 3.0.15015.0 Affected: 3.0.15036.0 Affected: 3.0.15092.0 Affected: 3.0.15131.0 Affected: 3.0.15164.0 Affected: 3.0.15221.0 Affected: 3.0.15333.0 Affected: 3.0.15410.0 Affected: 3.0.15485.0 Affected: 3.0.15645.0 Affected: 3.0.15711.0 Affected: 3.0.16040.0 Affected: 3.0.16269.0 Affected: 3.0.16273.0 Affected: 3.0.16285.0 Affected: 4.0 Affected: 4.1 Affected: 4.10 Affected: 4.12 Affected: 4.13 Affected: 4.14 Affected: 4.15 Affected: 4.16 Affected: 4.17 Affected: 4.18 Affected: 4.19 Affected: 4.2 Affected: 4.20 Affected: 4.3 Affected: 4.4 Affected: 4.5 Affected: 4.6 Affected: 4.8 Affected: 4.9 Affected: 4.1.57 Affected: 4.1.92 Affected: 4.10.343 Affected: 4.11.211 Affected: 4.12.236 Affected: 4.13.200 Affected: 4.2.42 Affected: 4.2.75 Affected: 4.5.224 Affected: 4.6.197 Affected: 4.7.78 Affected: 4.8.170 Affected: 4.9.205 Affected: 4.9.252 Affected: 4.9.269 Affected: 42.1.0.169 Affected: 42.1.0.21190 Affected: 42.1.0.2219 Affected: 42.10 Affected: 42.10.0.23814 Affected: 42.10.0.24000 Affected: 42.11 Affected: 42.11.0.24187 Affected: 42.12 Affected: 42.12.0.24485 Affected: 42.2 Affected: 42.2.0.21338 Affected: 42.2.0.21486 Affected: 42.3 Affected: 42.3.0.21576 Affected: 42.4.1.22032 Affected: 42.5.0.22259 Affected: 42.6 Affected: 42.6.0.22565 Affected: 42.6.0.22645 Affected: 42.7 Affected: 42.7.0.22904 Affected: 42.7.0.23054 Affected: 42.8 Affected: 42.8.0.23214 Affected: 42.8.0.23281 Affected: 42.9 Affected: 42.9.0.23494 Affected: 43.1 Affected: 43.1.0.24716 Affected: 43.2 Affected: 43.2.0.25157 Affected: 43.2.0.25211 Affected: 43.3 Affected: 43.3.0.25468 Affected: 43.4 Affected: 43.4.0.25788 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:webex_teams:3.0.13464.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.13538.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.13588.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14154.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14234.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14375.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14741.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14866.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15015.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15036.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15092.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15131.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15164.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15221.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15333.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15410.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15485.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15645.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15711.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.16040.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.16269.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.16273.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.16285.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.13:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.14:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.15:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.16:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.17:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.18:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.19:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.20:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.1.57:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.1.92:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.10.343:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.11.211:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.12.236:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.13.200:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.2.42:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.2.75:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.5.224:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.6.197:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.7.78:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.8.170:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.9.205:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.9.252:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.9.269:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.1.0.169:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.1.0.21190:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.1.0.2219:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.10:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.10.0.23814:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.10.0.24000:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.11:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.11.0.24187:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.12:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.12.0.24485:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.2.0.21338:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.2.0.21486:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.3.0.21576:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.4.1.22032:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.5.0.22259:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.6.0.22565:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.6.0.22645:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.7:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.7.0.22904:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.7.0.23054:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.8:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.8.0.23214:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.8.0.23281:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.9.0.23494:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.1.0.24716:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.2.0.25157:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.2.0.25211:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.3.0.25468:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.4.0.25788:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webex_teams",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "3.0.13464.0"
},
{
"status": "affected",
"version": "3.0.13538.0"
},
{
"status": "affected",
"version": "3.0.13588.0"
},
{
"status": "affected",
"version": "3.0.14154.0"
},
{
"status": "affected",
"version": "3.0.14234.0"
},
{
"status": "affected",
"version": "3.0.14375.0"
},
{
"status": "affected",
"version": "3.0.14741.0"
},
{
"status": "affected",
"version": "3.0.14866.0"
},
{
"status": "affected",
"version": "3.0.15015.0"
},
{
"status": "affected",
"version": "3.0.15036.0"
},
{
"status": "affected",
"version": "3.0.15092.0"
},
{
"status": "affected",
"version": "3.0.15131.0"
},
{
"status": "affected",
"version": "3.0.15164.0"
},
{
"status": "affected",
"version": "3.0.15221.0"
},
{
"status": "affected",
"version": "3.0.15333.0"
},
{
"status": "affected",
"version": "3.0.15410.0"
},
{
"status": "affected",
"version": "3.0.15485.0"
},
{
"status": "affected",
"version": "3.0.15645.0"
},
{
"status": "affected",
"version": "3.0.15711.0"
},
{
"status": "affected",
"version": "3.0.16040.0"
},
{
"status": "affected",
"version": "3.0.16269.0"
},
{
"status": "affected",
"version": "3.0.16273.0"
},
{
"status": "affected",
"version": "3.0.16285.0"
},
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.10"
},
{
"status": "affected",
"version": "4.12"
},
{
"status": "affected",
"version": "4.13"
},
{
"status": "affected",
"version": "4.14"
},
{
"status": "affected",
"version": "4.15"
},
{
"status": "affected",
"version": "4.16"
},
{
"status": "affected",
"version": "4.17"
},
{
"status": "affected",
"version": "4.18"
},
{
"status": "affected",
"version": "4.19"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.20"
},
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6"
},
{
"status": "affected",
"version": "4.8"
},
{
"status": "affected",
"version": "4.9"
},
{
"status": "affected",
"version": "4.1.57"
},
{
"status": "affected",
"version": "4.1.92"
},
{
"status": "affected",
"version": "4.10.343"
},
{
"status": "affected",
"version": "4.11.211"
},
{
"status": "affected",
"version": "4.12.236"
},
{
"status": "affected",
"version": "4.13.200"
},
{
"status": "affected",
"version": "4.2.42"
},
{
"status": "affected",
"version": "4.2.75"
},
{
"status": "affected",
"version": "4.5.224"
},
{
"status": "affected",
"version": "4.6.197"
},
{
"status": "affected",
"version": "4.7.78"
},
{
"status": "affected",
"version": "4.8.170"
},
{
"status": "affected",
"version": "4.9.205"
},
{
"status": "affected",
"version": "4.9.252"
},
{
"status": "affected",
"version": "4.9.269"
},
{
"status": "affected",
"version": "42.1.0.169"
},
{
"status": "affected",
"version": "42.1.0.21190"
},
{
"status": "affected",
"version": "42.1.0.2219"
},
{
"status": "affected",
"version": "42.10"
},
{
"status": "affected",
"version": "42.10.0.23814"
},
{
"status": "affected",
"version": "42.10.0.24000"
},
{
"status": "affected",
"version": "42.11"
},
{
"status": "affected",
"version": "42.11.0.24187"
},
{
"status": "affected",
"version": "42.12"
},
{
"status": "affected",
"version": "42.12.0.24485"
},
{
"status": "affected",
"version": "42.2"
},
{
"status": "affected",
"version": "42.2.0.21338"
},
{
"status": "affected",
"version": "42.2.0.21486"
},
{
"status": "affected",
"version": "42.3"
},
{
"status": "affected",
"version": "42.3.0.21576"
},
{
"status": "affected",
"version": "42.4.1.22032"
},
{
"status": "affected",
"version": "42.5.0.22259"
},
{
"status": "affected",
"version": "42.6"
},
{
"status": "affected",
"version": "42.6.0.22565"
},
{
"status": "affected",
"version": "42.6.0.22645"
},
{
"status": "affected",
"version": "42.7"
},
{
"status": "affected",
"version": "42.7.0.22904"
},
{
"status": "affected",
"version": "42.7.0.23054"
},
{
"status": "affected",
"version": "42.8"
},
{
"status": "affected",
"version": "42.8.0.23214"
},
{
"status": "affected",
"version": "42.8.0.23281"
},
{
"status": "affected",
"version": "42.9"
},
{
"status": "affected",
"version": "42.9.0.23494"
},
{
"status": "affected",
"version": "43.1"
},
{
"status": "affected",
"version": "43.1.0.24716"
},
{
"status": "affected",
"version": "43.2"
},
{
"status": "affected",
"version": "43.2.0.25157"
},
{
"status": "affected",
"version": "43.2.0.25211"
},
{
"status": "affected",
"version": "43.3"
},
{
"status": "affected",
"version": "43.3.0.25468"
},
{
"status": "affected",
"version": "43.4"
},
{
"status": "affected",
"version": "43.4.0.25788"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T03:55:23.962265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T13:23:45.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-webex-app-ZjNm8X8j",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Webex Teams",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0.13464.0"
},
{
"status": "affected",
"version": "3.0.13538.0"
},
{
"status": "affected",
"version": "3.0.13588.0"
},
{
"status": "affected",
"version": "3.0.14154.0"
},
{
"status": "affected",
"version": "3.0.14234.0"
},
{
"status": "affected",
"version": "3.0.14375.0"
},
{
"status": "affected",
"version": "3.0.14741.0"
},
{
"status": "affected",
"version": "3.0.14866.0"
},
{
"status": "affected",
"version": "3.0.15015.0"
},
{
"status": "affected",
"version": "3.0.15036.0"
},
{
"status": "affected",
"version": "3.0.15092.0"
},
{
"status": "affected",
"version": "3.0.15131.0"
},
{
"status": "affected",
"version": "3.0.15164.0"
},
{
"status": "affected",
"version": "3.0.15221.0"
},
{
"status": "affected",
"version": "3.0.15333.0"
},
{
"status": "affected",
"version": "3.0.15410.0"
},
{
"status": "affected",
"version": "3.0.15485.0"
},
{
"status": "affected",
"version": "3.0.15645.0"
},
{
"status": "affected",
"version": "3.0.15711.0"
},
{
"status": "affected",
"version": "3.0.16040.0"
},
{
"status": "affected",
"version": "3.0.16269.0"
},
{
"status": "affected",
"version": "3.0.16273.0"
},
{
"status": "affected",
"version": "3.0.16285.0"
},
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.10"
},
{
"status": "affected",
"version": "4.12"
},
{
"status": "affected",
"version": "4.13"
},
{
"status": "affected",
"version": "4.14"
},
{
"status": "affected",
"version": "4.15"
},
{
"status": "affected",
"version": "4.16"
},
{
"status": "affected",
"version": "4.17"
},
{
"status": "affected",
"version": "4.18"
},
{
"status": "affected",
"version": "4.19"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.20"
},
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6"
},
{
"status": "affected",
"version": "4.8"
},
{
"status": "affected",
"version": "4.9"
},
{
"status": "affected",
"version": "4.1.57"
},
{
"status": "affected",
"version": "4.1.92"
},
{
"status": "affected",
"version": "4.10.343"
},
{
"status": "affected",
"version": "4.11.211"
},
{
"status": "affected",
"version": "4.12.236"
},
{
"status": "affected",
"version": "4.13.200"
},
{
"status": "affected",
"version": "4.2.42"
},
{
"status": "affected",
"version": "4.2.75"
},
{
"status": "affected",
"version": "4.5.224"
},
{
"status": "affected",
"version": "4.6.197"
},
{
"status": "affected",
"version": "4.7.78"
},
{
"status": "affected",
"version": "4.8.170"
},
{
"status": "affected",
"version": "4.9.205"
},
{
"status": "affected",
"version": "4.9.252"
},
{
"status": "affected",
"version": "4.9.269"
},
{
"status": "affected",
"version": "42.1.0.169"
},
{
"status": "affected",
"version": "42.1.0.21190"
},
{
"status": "affected",
"version": "42.1.0.2219"
},
{
"status": "affected",
"version": "42.10"
},
{
"status": "affected",
"version": "42.10.0.23814"
},
{
"status": "affected",
"version": "42.10.0.24000"
},
{
"status": "affected",
"version": "42.11"
},
{
"status": "affected",
"version": "42.11.0.24187"
},
{
"status": "affected",
"version": "42.12"
},
{
"status": "affected",
"version": "42.12.0.24485"
},
{
"status": "affected",
"version": "42.2"
},
{
"status": "affected",
"version": "42.2.0.21338"
},
{
"status": "affected",
"version": "42.2.0.21486"
},
{
"status": "affected",
"version": "42.3"
},
{
"status": "affected",
"version": "42.3.0.21576"
},
{
"status": "affected",
"version": "42.4.1.22032"
},
{
"status": "affected",
"version": "42.5.0.22259"
},
{
"status": "affected",
"version": "42.6"
},
{
"status": "affected",
"version": "42.6.0.22565"
},
{
"status": "affected",
"version": "42.6.0.22645"
},
{
"status": "affected",
"version": "42.7"
},
{
"status": "affected",
"version": "42.7.0.22904"
},
{
"status": "affected",
"version": "42.7.0.23054"
},
{
"status": "affected",
"version": "42.8"
},
{
"status": "affected",
"version": "42.8.0.23214"
},
{
"status": "affected",
"version": "42.8.0.23281"
},
{
"status": "affected",
"version": "42.9"
},
{
"status": "affected",
"version": "42.9.0.23494"
},
{
"status": "affected",
"version": "43.1"
},
{
"status": "affected",
"version": "43.1.0.24716"
},
{
"status": "affected",
"version": "43.2"
},
{
"status": "affected",
"version": "43.2.0.25157"
},
{
"status": "affected",
"version": "43.2.0.25211"
},
{
"status": "affected",
"version": "43.3"
},
{
"status": "affected",
"version": "43.3.0.25468"
},
{
"status": "affected",
"version": "43.4"
},
{
"status": "affected",
"version": "43.4.0.25788"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.\r\n\r This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "Unprotected Transport of Credentials",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T16:32:07.102Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-webex-app-ZjNm8X8j",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
}
],
"source": {
"advisory": "cisco-sa-webex-app-ZjNm8X8j",
"defects": [
"CSCwj36941",
"CSCwj36943"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20395",
"datePublished": "2024-07-17T16:32:07.102Z",
"dateReserved": "2023-11-08T15:08:07.659Z",
"dateUpdated": "2024-08-01T21:59:42.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…