Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2024-1668
Vulnerability from csaf_certbund - Published: 2024-07-17 22:00 - Updated: 2024-07-17 22:00Summary
Cisco WebEx: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der WebEx Meeting Service ist ein Multimedia Konferenz System von Cisco.
Angriff
Ein entfernter oder ein angrenzender Angreifer kann mehrere Schwachstellen in Cisco WebEx ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Sonstiges
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der WebEx Meeting Service ist ein Multimedia Konferenz System von Cisco.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter oder ein angrenzender Angreifer kann mehrere Schwachstellen in Cisco WebEx ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1668 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1668.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1668 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1668"
},
{
"category": "external",
"summary": "Cisco Security Advisory vom 2024-07-17",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
}
],
"source_lang": "en-US",
"title": "Cisco WebEx: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
"tracking": {
"current_release_date": "2024-07-17T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:11:34.940+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1668",
"initial_release_date": "2024-07-17T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-17T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cisco WebEx",
"product": {
"name": "Cisco WebEx",
"product_id": "T036340",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:webex:-"
}
}
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-20395",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in der Medienabfragefunktion von Cisco WebEx aufgrund einer unsicheren \u00dcbertragung von Anfragen an Backend-Dienste. Durch das Senden einer Meldung mit eingebetteten Medien, die auf einem Messaging-Server gespeichert sind, kann ein Angreifer aus einem angrenzenden Netzwerk diese Schwachstelle ausnutzen, um Zugriff auf sensible Sitzungsinformationen zu erhalten und so vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T036340"
]
},
"release_date": "2024-07-17T22:00:00.000+00:00",
"title": "CVE-2024-20395"
},
{
"cve": "CVE-2024-20396",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in den Protokoll-Handlern von Cisco WebEx. Indem ein Benutzer dazu gebracht wird, einem Link zu folgen, der die Anwendung zum Senden von Anfragen veranlasst, kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um vertrauliche Informationen, einschlie\u00dflich Anmeldeinformationen, zu erfassen und so vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T036340"
]
},
"release_date": "2024-07-17T22:00:00.000+00:00",
"title": "CVE-2024-20396"
}
]
}
CVE-2024-20396 (GCVE-0-2024-20396)
Vulnerability from cvelistv5 – Published: 2024-07-17 16:33 – Updated: 2024-08-01 21:59
VLAI?
EPSS
Summary
A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information.
This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Webex Teams |
Affected:
3.0.13464.0
Affected: 3.0.13538.0 Affected: 3.0.13588.0 Affected: 3.0.14154.0 Affected: 3.0.14234.0 Affected: 3.0.14375.0 Affected: 3.0.14741.0 Affected: 3.0.14866.0 Affected: 3.0.15015.0 Affected: 3.0.15036.0 Affected: 3.0.15092.0 Affected: 3.0.15131.0 Affected: 3.0.15164.0 Affected: 3.0.15221.0 Affected: 3.0.15333.0 Affected: 3.0.15410.0 Affected: 3.0.15485.0 Affected: 3.0.15645.0 Affected: 3.0.15711.0 Affected: 3.0.16040.0 Affected: 3.0.16269.0 Affected: 3.0.16273.0 Affected: 3.0.16285.0 Affected: 42.1.0.21190 Affected: 42.10.0.23814 Affected: 42.11.0.24187 Affected: 42.12.0.24485 Affected: 42.2.0.21338 Affected: 42.2.0.21486 Affected: 42.3.0.21576 Affected: 42.4.1.22032 Affected: 42.5.0.22259 Affected: 42.6.0.22565 Affected: 42.6.0.22645 Affected: 42.7.0.22904 Affected: 42.7.0.23054 Affected: 42.8.0.23214 Affected: 42.8.0.23281 Affected: 42.9.0.23494 Affected: 43.1.0.24716 Affected: 43.2.0.25157 Affected: 43.2.0.25211 Affected: 43.3.0.25468 Affected: 43.4.0.25788 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T17:59:58.773024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T18:00:53.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-webex-app-ZjNm8X8j",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Webex Teams",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0.13464.0"
},
{
"status": "affected",
"version": "3.0.13538.0"
},
{
"status": "affected",
"version": "3.0.13588.0"
},
{
"status": "affected",
"version": "3.0.14154.0"
},
{
"status": "affected",
"version": "3.0.14234.0"
},
{
"status": "affected",
"version": "3.0.14375.0"
},
{
"status": "affected",
"version": "3.0.14741.0"
},
{
"status": "affected",
"version": "3.0.14866.0"
},
{
"status": "affected",
"version": "3.0.15015.0"
},
{
"status": "affected",
"version": "3.0.15036.0"
},
{
"status": "affected",
"version": "3.0.15092.0"
},
{
"status": "affected",
"version": "3.0.15131.0"
},
{
"status": "affected",
"version": "3.0.15164.0"
},
{
"status": "affected",
"version": "3.0.15221.0"
},
{
"status": "affected",
"version": "3.0.15333.0"
},
{
"status": "affected",
"version": "3.0.15410.0"
},
{
"status": "affected",
"version": "3.0.15485.0"
},
{
"status": "affected",
"version": "3.0.15645.0"
},
{
"status": "affected",
"version": "3.0.15711.0"
},
{
"status": "affected",
"version": "3.0.16040.0"
},
{
"status": "affected",
"version": "3.0.16269.0"
},
{
"status": "affected",
"version": "3.0.16273.0"
},
{
"status": "affected",
"version": "3.0.16285.0"
},
{
"status": "affected",
"version": "42.1.0.21190"
},
{
"status": "affected",
"version": "42.10.0.23814"
},
{
"status": "affected",
"version": "42.11.0.24187"
},
{
"status": "affected",
"version": "42.12.0.24485"
},
{
"status": "affected",
"version": "42.2.0.21338"
},
{
"status": "affected",
"version": "42.2.0.21486"
},
{
"status": "affected",
"version": "42.3.0.21576"
},
{
"status": "affected",
"version": "42.4.1.22032"
},
{
"status": "affected",
"version": "42.5.0.22259"
},
{
"status": "affected",
"version": "42.6.0.22565"
},
{
"status": "affected",
"version": "42.6.0.22645"
},
{
"status": "affected",
"version": "42.7.0.22904"
},
{
"status": "affected",
"version": "42.7.0.23054"
},
{
"status": "affected",
"version": "42.8.0.23214"
},
{
"status": "affected",
"version": "42.8.0.23281"
},
{
"status": "affected",
"version": "42.9.0.23494"
},
{
"status": "affected",
"version": "43.1.0.24716"
},
{
"status": "affected",
"version": "43.2.0.25157"
},
{
"status": "affected",
"version": "43.2.0.25211"
},
{
"status": "affected",
"version": "43.3.0.25468"
},
{
"status": "affected",
"version": "43.4.0.25788"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information.\r\n\r This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T16:33:55.108Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-webex-app-ZjNm8X8j",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
}
],
"source": {
"advisory": "cisco-sa-webex-app-ZjNm8X8j",
"defects": [
"CSCwj36947"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20396",
"datePublished": "2024-07-17T16:33:55.108Z",
"dateReserved": "2023-11-08T15:08:07.660Z",
"dateUpdated": "2024-08-01T21:59:41.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20395 (GCVE-0-2024-20395)
Vulnerability from cvelistv5 – Published: 2024-07-17 16:32 – Updated: 2024-08-01 21:59
VLAI?
EPSS
Summary
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.
This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.
Severity ?
6.4 (Medium)
CWE
- CWE-523 - Unprotected Transport of Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Webex Teams |
Affected:
3.0.13464.0
Affected: 3.0.13538.0 Affected: 3.0.13588.0 Affected: 3.0.14154.0 Affected: 3.0.14234.0 Affected: 3.0.14375.0 Affected: 3.0.14741.0 Affected: 3.0.14866.0 Affected: 3.0.15015.0 Affected: 3.0.15036.0 Affected: 3.0.15092.0 Affected: 3.0.15131.0 Affected: 3.0.15164.0 Affected: 3.0.15221.0 Affected: 3.0.15333.0 Affected: 3.0.15410.0 Affected: 3.0.15485.0 Affected: 3.0.15645.0 Affected: 3.0.15711.0 Affected: 3.0.16040.0 Affected: 3.0.16269.0 Affected: 3.0.16273.0 Affected: 3.0.16285.0 Affected: 4.0 Affected: 4.1 Affected: 4.10 Affected: 4.12 Affected: 4.13 Affected: 4.14 Affected: 4.15 Affected: 4.16 Affected: 4.17 Affected: 4.18 Affected: 4.19 Affected: 4.2 Affected: 4.20 Affected: 4.3 Affected: 4.4 Affected: 4.5 Affected: 4.6 Affected: 4.8 Affected: 4.9 Affected: 4.1.57 Affected: 4.1.92 Affected: 4.10.343 Affected: 4.11.211 Affected: 4.12.236 Affected: 4.13.200 Affected: 4.2.42 Affected: 4.2.75 Affected: 4.5.224 Affected: 4.6.197 Affected: 4.7.78 Affected: 4.8.170 Affected: 4.9.205 Affected: 4.9.252 Affected: 4.9.269 Affected: 42.1.0.169 Affected: 42.1.0.21190 Affected: 42.1.0.2219 Affected: 42.10 Affected: 42.10.0.23814 Affected: 42.10.0.24000 Affected: 42.11 Affected: 42.11.0.24187 Affected: 42.12 Affected: 42.12.0.24485 Affected: 42.2 Affected: 42.2.0.21338 Affected: 42.2.0.21486 Affected: 42.3 Affected: 42.3.0.21576 Affected: 42.4.1.22032 Affected: 42.5.0.22259 Affected: 42.6 Affected: 42.6.0.22565 Affected: 42.6.0.22645 Affected: 42.7 Affected: 42.7.0.22904 Affected: 42.7.0.23054 Affected: 42.8 Affected: 42.8.0.23214 Affected: 42.8.0.23281 Affected: 42.9 Affected: 42.9.0.23494 Affected: 43.1 Affected: 43.1.0.24716 Affected: 43.2 Affected: 43.2.0.25157 Affected: 43.2.0.25211 Affected: 43.3 Affected: 43.3.0.25468 Affected: 43.4 Affected: 43.4.0.25788 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:webex_teams:3.0.13464.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.13538.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.13588.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14154.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14234.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14375.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14741.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.14866.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15015.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15036.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15092.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15131.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15164.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15221.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15333.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15410.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15485.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15645.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.15711.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.16040.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.16269.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.16273.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:3.0.16285.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.13:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.14:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.15:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.16:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.17:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.18:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.19:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.20:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.1.57:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.1.92:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.10.343:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.11.211:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.12.236:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.13.200:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.2.42:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.2.75:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.5.224:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.6.197:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.7.78:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.8.170:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.9.205:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.9.252:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:4.9.269:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.1.0.169:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.1.0.21190:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.1.0.2219:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.10:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.10.0.23814:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.10.0.24000:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.11:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.11.0.24187:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.12:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.12.0.24485:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.2.0.21338:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.2.0.21486:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.3.0.21576:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.4.1.22032:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.5.0.22259:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.6.0.22565:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.6.0.22645:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.7:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.7.0.22904:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.7.0.23054:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.8:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.8.0.23214:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.8.0.23281:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:42.9.0.23494:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.1.0.24716:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.2.0.25157:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.2.0.25211:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.3.0.25468:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:webex_teams:43.4.0.25788:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webex_teams",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "3.0.13464.0"
},
{
"status": "affected",
"version": "3.0.13538.0"
},
{
"status": "affected",
"version": "3.0.13588.0"
},
{
"status": "affected",
"version": "3.0.14154.0"
},
{
"status": "affected",
"version": "3.0.14234.0"
},
{
"status": "affected",
"version": "3.0.14375.0"
},
{
"status": "affected",
"version": "3.0.14741.0"
},
{
"status": "affected",
"version": "3.0.14866.0"
},
{
"status": "affected",
"version": "3.0.15015.0"
},
{
"status": "affected",
"version": "3.0.15036.0"
},
{
"status": "affected",
"version": "3.0.15092.0"
},
{
"status": "affected",
"version": "3.0.15131.0"
},
{
"status": "affected",
"version": "3.0.15164.0"
},
{
"status": "affected",
"version": "3.0.15221.0"
},
{
"status": "affected",
"version": "3.0.15333.0"
},
{
"status": "affected",
"version": "3.0.15410.0"
},
{
"status": "affected",
"version": "3.0.15485.0"
},
{
"status": "affected",
"version": "3.0.15645.0"
},
{
"status": "affected",
"version": "3.0.15711.0"
},
{
"status": "affected",
"version": "3.0.16040.0"
},
{
"status": "affected",
"version": "3.0.16269.0"
},
{
"status": "affected",
"version": "3.0.16273.0"
},
{
"status": "affected",
"version": "3.0.16285.0"
},
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.10"
},
{
"status": "affected",
"version": "4.12"
},
{
"status": "affected",
"version": "4.13"
},
{
"status": "affected",
"version": "4.14"
},
{
"status": "affected",
"version": "4.15"
},
{
"status": "affected",
"version": "4.16"
},
{
"status": "affected",
"version": "4.17"
},
{
"status": "affected",
"version": "4.18"
},
{
"status": "affected",
"version": "4.19"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.20"
},
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6"
},
{
"status": "affected",
"version": "4.8"
},
{
"status": "affected",
"version": "4.9"
},
{
"status": "affected",
"version": "4.1.57"
},
{
"status": "affected",
"version": "4.1.92"
},
{
"status": "affected",
"version": "4.10.343"
},
{
"status": "affected",
"version": "4.11.211"
},
{
"status": "affected",
"version": "4.12.236"
},
{
"status": "affected",
"version": "4.13.200"
},
{
"status": "affected",
"version": "4.2.42"
},
{
"status": "affected",
"version": "4.2.75"
},
{
"status": "affected",
"version": "4.5.224"
},
{
"status": "affected",
"version": "4.6.197"
},
{
"status": "affected",
"version": "4.7.78"
},
{
"status": "affected",
"version": "4.8.170"
},
{
"status": "affected",
"version": "4.9.205"
},
{
"status": "affected",
"version": "4.9.252"
},
{
"status": "affected",
"version": "4.9.269"
},
{
"status": "affected",
"version": "42.1.0.169"
},
{
"status": "affected",
"version": "42.1.0.21190"
},
{
"status": "affected",
"version": "42.1.0.2219"
},
{
"status": "affected",
"version": "42.10"
},
{
"status": "affected",
"version": "42.10.0.23814"
},
{
"status": "affected",
"version": "42.10.0.24000"
},
{
"status": "affected",
"version": "42.11"
},
{
"status": "affected",
"version": "42.11.0.24187"
},
{
"status": "affected",
"version": "42.12"
},
{
"status": "affected",
"version": "42.12.0.24485"
},
{
"status": "affected",
"version": "42.2"
},
{
"status": "affected",
"version": "42.2.0.21338"
},
{
"status": "affected",
"version": "42.2.0.21486"
},
{
"status": "affected",
"version": "42.3"
},
{
"status": "affected",
"version": "42.3.0.21576"
},
{
"status": "affected",
"version": "42.4.1.22032"
},
{
"status": "affected",
"version": "42.5.0.22259"
},
{
"status": "affected",
"version": "42.6"
},
{
"status": "affected",
"version": "42.6.0.22565"
},
{
"status": "affected",
"version": "42.6.0.22645"
},
{
"status": "affected",
"version": "42.7"
},
{
"status": "affected",
"version": "42.7.0.22904"
},
{
"status": "affected",
"version": "42.7.0.23054"
},
{
"status": "affected",
"version": "42.8"
},
{
"status": "affected",
"version": "42.8.0.23214"
},
{
"status": "affected",
"version": "42.8.0.23281"
},
{
"status": "affected",
"version": "42.9"
},
{
"status": "affected",
"version": "42.9.0.23494"
},
{
"status": "affected",
"version": "43.1"
},
{
"status": "affected",
"version": "43.1.0.24716"
},
{
"status": "affected",
"version": "43.2"
},
{
"status": "affected",
"version": "43.2.0.25157"
},
{
"status": "affected",
"version": "43.2.0.25211"
},
{
"status": "affected",
"version": "43.3"
},
{
"status": "affected",
"version": "43.3.0.25468"
},
{
"status": "affected",
"version": "43.4"
},
{
"status": "affected",
"version": "43.4.0.25788"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T03:55:23.962265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T13:23:45.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-webex-app-ZjNm8X8j",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Webex Teams",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0.13464.0"
},
{
"status": "affected",
"version": "3.0.13538.0"
},
{
"status": "affected",
"version": "3.0.13588.0"
},
{
"status": "affected",
"version": "3.0.14154.0"
},
{
"status": "affected",
"version": "3.0.14234.0"
},
{
"status": "affected",
"version": "3.0.14375.0"
},
{
"status": "affected",
"version": "3.0.14741.0"
},
{
"status": "affected",
"version": "3.0.14866.0"
},
{
"status": "affected",
"version": "3.0.15015.0"
},
{
"status": "affected",
"version": "3.0.15036.0"
},
{
"status": "affected",
"version": "3.0.15092.0"
},
{
"status": "affected",
"version": "3.0.15131.0"
},
{
"status": "affected",
"version": "3.0.15164.0"
},
{
"status": "affected",
"version": "3.0.15221.0"
},
{
"status": "affected",
"version": "3.0.15333.0"
},
{
"status": "affected",
"version": "3.0.15410.0"
},
{
"status": "affected",
"version": "3.0.15485.0"
},
{
"status": "affected",
"version": "3.0.15645.0"
},
{
"status": "affected",
"version": "3.0.15711.0"
},
{
"status": "affected",
"version": "3.0.16040.0"
},
{
"status": "affected",
"version": "3.0.16269.0"
},
{
"status": "affected",
"version": "3.0.16273.0"
},
{
"status": "affected",
"version": "3.0.16285.0"
},
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.10"
},
{
"status": "affected",
"version": "4.12"
},
{
"status": "affected",
"version": "4.13"
},
{
"status": "affected",
"version": "4.14"
},
{
"status": "affected",
"version": "4.15"
},
{
"status": "affected",
"version": "4.16"
},
{
"status": "affected",
"version": "4.17"
},
{
"status": "affected",
"version": "4.18"
},
{
"status": "affected",
"version": "4.19"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.20"
},
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6"
},
{
"status": "affected",
"version": "4.8"
},
{
"status": "affected",
"version": "4.9"
},
{
"status": "affected",
"version": "4.1.57"
},
{
"status": "affected",
"version": "4.1.92"
},
{
"status": "affected",
"version": "4.10.343"
},
{
"status": "affected",
"version": "4.11.211"
},
{
"status": "affected",
"version": "4.12.236"
},
{
"status": "affected",
"version": "4.13.200"
},
{
"status": "affected",
"version": "4.2.42"
},
{
"status": "affected",
"version": "4.2.75"
},
{
"status": "affected",
"version": "4.5.224"
},
{
"status": "affected",
"version": "4.6.197"
},
{
"status": "affected",
"version": "4.7.78"
},
{
"status": "affected",
"version": "4.8.170"
},
{
"status": "affected",
"version": "4.9.205"
},
{
"status": "affected",
"version": "4.9.252"
},
{
"status": "affected",
"version": "4.9.269"
},
{
"status": "affected",
"version": "42.1.0.169"
},
{
"status": "affected",
"version": "42.1.0.21190"
},
{
"status": "affected",
"version": "42.1.0.2219"
},
{
"status": "affected",
"version": "42.10"
},
{
"status": "affected",
"version": "42.10.0.23814"
},
{
"status": "affected",
"version": "42.10.0.24000"
},
{
"status": "affected",
"version": "42.11"
},
{
"status": "affected",
"version": "42.11.0.24187"
},
{
"status": "affected",
"version": "42.12"
},
{
"status": "affected",
"version": "42.12.0.24485"
},
{
"status": "affected",
"version": "42.2"
},
{
"status": "affected",
"version": "42.2.0.21338"
},
{
"status": "affected",
"version": "42.2.0.21486"
},
{
"status": "affected",
"version": "42.3"
},
{
"status": "affected",
"version": "42.3.0.21576"
},
{
"status": "affected",
"version": "42.4.1.22032"
},
{
"status": "affected",
"version": "42.5.0.22259"
},
{
"status": "affected",
"version": "42.6"
},
{
"status": "affected",
"version": "42.6.0.22565"
},
{
"status": "affected",
"version": "42.6.0.22645"
},
{
"status": "affected",
"version": "42.7"
},
{
"status": "affected",
"version": "42.7.0.22904"
},
{
"status": "affected",
"version": "42.7.0.23054"
},
{
"status": "affected",
"version": "42.8"
},
{
"status": "affected",
"version": "42.8.0.23214"
},
{
"status": "affected",
"version": "42.8.0.23281"
},
{
"status": "affected",
"version": "42.9"
},
{
"status": "affected",
"version": "42.9.0.23494"
},
{
"status": "affected",
"version": "43.1"
},
{
"status": "affected",
"version": "43.1.0.24716"
},
{
"status": "affected",
"version": "43.2"
},
{
"status": "affected",
"version": "43.2.0.25157"
},
{
"status": "affected",
"version": "43.2.0.25211"
},
{
"status": "affected",
"version": "43.3"
},
{
"status": "affected",
"version": "43.3.0.25468"
},
{
"status": "affected",
"version": "43.4"
},
{
"status": "affected",
"version": "43.4.0.25788"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.\r\n\r This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "Unprotected Transport of Credentials",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T16:32:07.102Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-webex-app-ZjNm8X8j",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
}
],
"source": {
"advisory": "cisco-sa-webex-app-ZjNm8X8j",
"defects": [
"CSCwj36941",
"CSCwj36943"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20395",
"datePublished": "2024-07-17T16:32:07.102Z",
"dateReserved": "2023-11-08T15:08:07.659Z",
"dateUpdated": "2024-08-01T21:59:42.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…