Webex Meetings Online
CVE-2020-3142
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required. This vulnerability affects Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites releases earlier than 39.11.5 and 40.1.3.
AnalysisAI
A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required. This vulnerability affects Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites releases earlier than 39.11.5 and 40.1.3. Affected products include: Cisco Webex Meetings Online.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Webex Meetings Online
View allA vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attac
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an una
A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Record
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and Mac
A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windo
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today