Severity Rating: HIGH
Software Affected
Cisco Webex Meetings sites releases WBS 39.5.25 and prior to, WBS 40.4.10
and prior to, or release WBS 40.6.0
Cisco Webex Meetings Server releases 4.0MR3 and prior to.
Overview
A vulnerability have been reported in Cisco Webex Meetings and Cisco Webex
Meetings Server which could allow an unauthenticated, remote attacker to
gain unauthorized access to a vulnerable Webex site.
Description
A Vulnerability exists in Cisco Webex Meetings and Cisco Webex Meetings
Server due to improper handling of authentication tokens by a vulnerable
Webex site that could allow the attacker to gain unauthorized access to a
vulnerable Webex site. An attacker could exploit this vulnerability by
sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco
Webex Meetings Server site.
Successful exploitation of this vulnerability could allow the attacker to
gain the privileges of another user within the affected Webex site.
Solution
Apply appropriate updates as mentioned in:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco- -sa-webex-token-zPvEjKN
Vendor Information
CISCO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco- -sa-webex-token-zPvEjKN
References
CISCO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco- -sa-webex-token-zPvEjKN
CVE Name
CVE-2020-3361
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.