Webex Meetings Online
CVE-2020-3412
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for the creation of scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to create a scheduled meeting template. A successful exploit could allow the attacker to create a scheduled meeting template that would belong to a user other than themselves.
AnalysisAI
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for the creation of scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to create a scheduled meeting template. A successful exploit could allow the attacker to create a scheduled meeting template that would belong to a user other than themselves. Affected products include: Cisco Webex Meetings Online.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Webex Meetings Online
View allA vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attac
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an una
A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Record
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and Mac
A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windo
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today